Marcus Updateinfo to OVAL Converter 5.5 2022-04-29T06:38:54 openSUSE Leap 15.1 Test update for 15.1 Low cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for evolution fixes the following issues: Security issue fixed: - CVE-2018-15587: Fixed an issue with spoofed pgp signatures by using specially crafted emails (bsc#1125230). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1125230 CVE-2018-15587 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for graphviz fixes the following issues: Security issue fixed: - CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1132091 CVE-2019-11023 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 985657 CVE-2016-3189 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1114209 SUSE bug 1114832 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1121397 SUSE bug 1121967 SUSE bug 1123013 SUSE bug 1128376 SUSE bug 1128746 SUSE bug 1134068 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 CVE-2019-6486 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for transfig fixes the following issues: Security issue fixed: - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1106531 CVE-2018-16140 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 74.0.3729.157: - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Important SUSE bug 1134218 CVE-2019-5824 CVE-2019-5827 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1104139 SUSE bug 1133512 CVE-2018-15173 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libu2f-host fixes the following issues: Security issue fixed: - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1124781 CVE-2018-20340 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1013708 SUSE bug 1013712 SUSE bug 1013893 SUSE bug 1015171 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1118087 SUSE bug 1134856 CVE-2018-16868 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). It was disabled by default. - CVE-2019-11811: There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397). - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537). - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed (bnc#1132681). - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi: Add Hygon Dhyana support (). - acpi: Add Hygon Dhyana support (fate#327735). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpiCA: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpiCA: Namespace: remove address node from global list after method termination (bsc#1051510). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426). - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666). - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666). - alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510). - alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - ARM: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - ARM: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510). - ASoC: fix valid stream condition (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510). - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510). - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510). - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - ASoC: stm32: fix sai driver name initialisation (bsc#1051510). - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - ath10k: avoid possible string overflow (bsc#1051510). - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: treat stale && dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcm2835: MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - Bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - brcmfmac: fix leak of mypkt on error return path (bsc#1111666). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - cpufreq: Add Hygon Dhyana support (). - cpufreq: Add Hygon Dhyana support (fate#327735). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666). - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666). - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/amd/display: extending AUX SW Timeout (bsc#1111666). - drm/amd/display: fix cursor black issue (bsc#1111666). - drm/amd/display: If one stream full updates, full update all planes (bsc#1111666). - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666). - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/doc: Drop 'content type' from the legacy kms property table (bsc#1111666). - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666). - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666). - drm/i915/gvt: Roundup fb->height into tile's height at calucation fb->size (bsc#1111666). - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113956) - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593). - drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593). - drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593). - drm/nouveau: Add strap_peek to debugfs (bsc#1133593). - drm/nouveau/bar/tu104: initial support (bsc#1133593). - drm/nouveau/bar/tu106: initial support (bsc#1133593). - drm/nouveau/bios: translate additional memory types (bsc#1133593). - drm/nouveau/bios: translate USB-C connector type (bsc#1133593). - drm/nouveau/bios/tu104: initial support (bsc#1133593). - drm/nouveau/bios/tu106: initial support (bsc#1133593). - drm/nouveau/bus/tu104: initial support (bsc#1133593). - drm/nouveau/bus/tu106: initial support (bsc#1133593). - drm/nouveau/ce/tu104: initial support (bsc#1133593). - drm/nouveau/ce/tu106: initial support (bsc#1133593). - drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593). - drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593). - drm/nouveau/core: recognise TU102 (bsc#1133593). - drm/nouveau/core: recognise TU104 (bsc#1133593). - drm/nouveau/core: recognise TU106 (bsc#1133593). - drm/nouveau/core: support multiple nvdec instances (bsc#1133593). - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593). - drm/nouveau/devinit/tu104: initial support (bsc#1133593). - drm/nouveau/devinit/tu106: initial support (bsc#1133593). - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593). - drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593). - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593). - drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593). - drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593). - drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593). - drm/nouveau/disp/tu104: initial support (bsc#1133593). - drm/nouveau/disp/tu106: initial support (bsc#1133593). - drm/nouveau/dma/tu104: initial support (bsc#1133593). - drm/nouveau/dma/tu106: initial support (bsc#1133593). - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593). - drm/nouveau/drm/nouveau: s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593). - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593). - drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593). - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593). - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593). - drm/nouveau/fault/tu104: initial support (bsc#1133593). - drm/nouveau/fault/tu106: initial support (bsc#1133593). - drm/nouveau/fb/tu104: initial support (bsc#1133593). - drm/nouveau/fb/tu106: initial support (bsc#1133593). - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593). - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593). - drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593). - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593). - drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593). - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593). - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593). - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593). - drm/nouveau/fifo/gv100: return work submission token in channel ctor args (bsc#1133593). - drm/nouveau/fifo/tu104: initial support (bsc#1133593). - drm/nouveau/fifo/tu106: initial support (bsc#1133593). - drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593). - drm/nouveau/fuse/tu104: initial support (bsc#1133593). - drm/nouveau/fuse/tu106: initial support (bsc#1133593). - drm/nouveau/gpio/tu104: initial support (bsc#1133593). - drm/nouveau/gpio/tu106: initial support (bsc#1133593). - drm/nouveau/i2c/tu104: initial support (bsc#1133593). - drm/nouveau/i2c/tu106: initial support (bsc#1133593). - drm/nouveau/ibus/tu104: initial support (bsc#1133593). - drm/nouveau/ibus/tu106: initial support (bsc#1133593). - drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593). - drm/nouveau/imem/tu104: initial support (bsc#1133593). - drm/nouveau/imem/tu106: initial support (bsc#1133593). - drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593). - drm/nouveau/kms/tu104: initial support (bsc#1133593). - drm/nouveau/ltc/tu104: initial support (bsc#1133593). - drm/nouveau/ltc/tu106: initial support (bsc#1133593). - drm/nouveau/mc/tu104: initial support (bsc#1133593). - drm/nouveau/mc/tu106: initial support (bsc#1133593). - drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593). - drm/nouveau/mmu/tu104: initial support (bsc#1133593). - drm/nouveau/mmu/tu106: initial support (bsc#1133593). - drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593). - drm/nouveau/pci/tu104: initial support (bsc#1133593). - drm/nouveau/pci/tu106: initial support (bsc#1133593). - drm/nouveau/pmu/tu104: initial support (bsc#1133593). - drm/nouveau/pmu/tu106: initial support (bsc#1133593). - drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593). - drm/nouveau: register backlight on pascal and newer (bsc#1133593). - drm/nouveau: remove left-over struct member (bsc#1133593). - drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593). - drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/therm/tu104: initial support (bsc#1133593). - drm/nouveau/therm/tu106: initial support (bsc#1133593). - drm/nouveau/tmr/tu104: initial support (bsc#1133593). - drm/nouveau/tmr/tu106: initial support (bsc#1133593). - drm/nouveau/top/tu104: initial support (bsc#1133593). - drm/nouveau/top/tu106: initial support (bsc#1133593). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666). - drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666). - drm/pl111: Initialize clock spinlock early (bsc#1111666). - drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666). - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: fix for mailbox read validation (bsc#1111666). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666). - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666). - drm/tegra: hub: Fix dereference before check (bsc#1111666). - drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666). - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666). - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666). - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC, amd64: Add Hygon Dhyana support (fate#327735). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - fix rtnh_ok() (git-fixes). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - HID: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - HID: input: add mapping for Assistant key (bsc#1051510). - HID: input: add mapping for Expose/Overview key (bsc#1051510). - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - HID: input: add mapping for 'Toggle Display' key (bsc#1051510). - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - HID: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: synquacer: fix enumeration of slave devices (bsc#1111666). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - Input: introduce KEY_ASSISTANT (bsc#1051510). - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - Input: synaptics-rmi4 - fix possible double free (bsc#1051510). - Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier (bsc#1111666). - ipmi: Prevent use-after-free in deliver_response (bsc#1111666). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: fix stats update from local clients (git-fixes). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix driver operation for 5350 (bsc#1111666). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252). - kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252). - kABI: restore icmp_send (kabi). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - kernfs: do not set dentry->d_fsdata (boo#1133115). - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510). - KEYS: user: Align the payload buffer (bsc#1051510). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - lib: do not depend on linux headers being installed (bsc#1130972). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mac80211: do not attempt to rename ERR_PTR() debugfs dirs (bsc#1111666). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666). - mac8390: Fix mmio access size probe (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - MD: fix invalid stored role for a disk (bsc#1051510). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - mISDN: Check address length before reading address family (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: core: fix possible use after free of host (bsc#1051510). - mmc: core: Fix tag set memory leak (bsc#1111666). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mm: create non-atomic version of SetPageReserved for init use (jsc#SLE-6647). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666). - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net: initialize skb->peeked when cloning (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net/smc: add pnet table namespace support (bsc#1129845 LTC#176252). - net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252). - net/smc: allow PCI IDs as ib device names in the pnet table (bsc#1129845 LTC#176252). - net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: rework pnet table (bsc#1129845 LTC#176252). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: test tailroom before appending to linear skb (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme-fc: use separate work queue to avoid warning (bsc#1131673). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1130937). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - overflow: Fix -Wtype-limits compilation warnings (bsc#1111666). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - packet: validate msg_namelen in send directly (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - PCI: Init PCIe feature bits for managed host bridge alloc (bsc#1111666). - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - PCI: pciehp: Convert to threaded IRQ (bsc#1133005). - PCI: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - PCI: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016). - perf tools: Add Hygon Dhyana support (). - perf tools: Add Hygon Dhyana support (fate#327735). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223). - perf/x86/amd: Update generic hardware cache events for Family 17h (bsc#1134223). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530 LTC#176717). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - Re-enable nouveau for PCI device 10de:1cbb (bsc#1133593). - Re-export snd_cards for kABI compatibility (bsc#1051510). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - Revert 'alsa: seq: Protect in-kernel ioctl calls with mutex' (bsc#1051510). - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843). - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843). - Revert 'drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)' The patch seems buggy, breaks the build for armv7hl/pae config. - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946). - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946, bsc#1119843). - Revert 'tty: pty: Fix race condition between release_one_tty and pty_write' (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/git_sort/git_sort.py: remove old SCSI git branches - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: smartpqi: add H3C controller IDs (bsc#1133547). - scsi: smartpqi: add h3c ssid (bsc#1133547). - scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547). - scsi: smartpqi: add ofa support (bsc#1133547). - scsi: smartpqi: Add retries for device reset (bsc#1133547). - scsi: smartpqi: add smp_utils support (bsc#1133547). - scsi: smartpqi: add spdx (bsc#1133547). - scsi: smartpqi: add support for huawei controllers (bsc#1133547). - scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547). - scsi: smartpqi: add sysfs attributes (bsc#1133547). - scsi: smartpqi: allow for larger raid maps (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() (bsc#1133547). - scsi: smartpqi: check for null device pointers (bsc#1133547). - scsi: smartpqi: correct host serial num for ssa (bsc#1133547). - scsi: smartpqi: correct lun reset issues (bsc#1133547). - scsi: smartpqi: correct volume status (bsc#1133547). - scsi: smartpqi: do not offline disks for transient did no connect conditions (bsc#1133547). - scsi: smartpqi: enhance numa node detection (bsc#1133547). - scsi: smartpqi: fix build warnings (bsc#1133547). - scsi: smartpqi: fix disk name mount point (bsc#1133547). - scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547). - scsi: smartpqi: increase fw status register read timeout (bsc#1133547). - scsi: smartpqi: increase LUN reset timeout (bsc#1133547). - scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start (bsc#1133547). - scsi: smartpqi: refactor sending controller raid requests (bsc#1133547). - scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547). - scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547). - scsi: smartpqi: update copyright (bsc#1133547). - scsi: smartpqi: update driver version (bsc#1133547). - scsi: smartpqi: wake up drives after os resumes from suspend (bsc#1133547). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() (bsc#1111666). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc (bsc#1111666). - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference (bsc#1111666). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - testing: nvdimm: provide SZ_4G constant (bsc#1132982). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tools/cpupower: Add Hygon Dhyana support (). - tools/cpupower: Add Hygon Dhyana support (fate#327735). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: fix blocking read (networking-stable-19_03_07). - tun: properly test for IFF_UP (networking-stable-19_03_28). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - uas: fix alignment of scatter/gather segments (bsc#1129770). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - Update config files. Debug kernel is not supported (bsc#1135492). - Update config files: disable CONFIG_IDE for ppc64le - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735). - x86/amd_nb: Check vendor in AMD-only functions (fate#327735). - x86/apic: Add Hygon Dhyana support (fate#327735). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735). - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735). - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735). - x86/perf/amd: Remove need to check 'running' bit in NMI handler (bsc#1131438). - x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438). - x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/xen: Add Hygon Dhyana support to Xen (fate#327735). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: check _btree_check_block value (bsc#1123663). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor unmount record write (bsc#1114427). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). Important SUSE bug 1050549 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1063638 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1086657 SUSE bug 1097584 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112063 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1119680 SUSE bug 1119843 SUSE bug 1120843 SUSE bug 1122776 SUSE bug 1123663 SUSE bug 1124839 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127374 SUSE bug 1128415 SUSE bug 1128971 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129845 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131438 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131530 SUSE bug 1131574 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1132044 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132369 SUSE bug 1132373 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132564 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132894 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133149 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133547 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 SUSE bug 1133897 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134461 SUSE bug 1134597 SUSE bug 1134600 SUSE bug 1134651 SUSE bug 1134810 SUSE bug 1134848 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135315 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135492 SUSE bug 1135642 CVE-2018-7191 CVE-2019-11085 CVE-2019-11486 CVE-2019-11811 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-3882 CVE-2019-5489 CVE-2019-9500 CVE-2019-9503 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: Changes in GraphicsMagick: - disable also PCL decoding by default, as it is also passed through ghostscript (boo#1136183) Moderate SUSE bug 1136183 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1134524 CVE-2019-5021 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1105435 CVE-2018-1000654 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1128935 SUSE bug 1128937 SUSE bug 1130746 SUSE bug 1133100 CVE-2019-9704 CVE-2019-9705 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 exim was updated to fix a security issue. - CVE-2019-10149: Fixed a Remote Command Execution in exim (bsc#1136587) Important SUSE bug 1136587 CVE-2019-10149 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1100687 SUSE bug 1121624 SUSE bug 1124211 CVE-2018-13785 CVE-2019-7317 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bubblewrap to version 0.3.3 fixes the following issue: Security issue fixed: - CVE-2019-12439: Fixed a temporary directory misuse as mount point which could have allowed local user to prevent others from running bubblewrap. Moderate SUSE bug 1136958 CVE-2019-12439 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for neovim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 75.0.3770.80 fixes the following issues: Security issues fixed: - CVE-2019-5828: Fixed a Use after free in ServiceWorker - CVE-2019-5829: Fixed Use after free in Download Manager - CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS - CVE-2019-5831: Fixed an incorrect map processing in V8 - CVE-2019-5832: Fixed an incorrect CORS handling in XHR - CVE-2019-5833: Fixed an inconsistent security UI placemen - CVE-2019-5835: Fixed an out of bounds read in Swiftshader - CVE-2019-5836: Fixed a heap buffer overflow in Angle - CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache - CVE-2019-5838: Fixed an overly permissive tab access in Extensions - CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink - CVE-2019-5840: Fixed a popup blocker bypass - CVE-2019-5834: Fixed a URL spoof in Omnibox on iOS Important SUSE bug 1137332 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. (bnc#1136922) - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424). - CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699) - CVE-2019-12382: In the drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586). - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190). The following non-security bugs were fixed: - ACPI: Add Hygon Dhyana support (). - ACPI: fix menuconfig presentation of ACPI submenu (bsc#1117158). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: hda/realtek - Enable micmute LED for Huawei laptops (bsc#1051510). - ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: fix ACPI dependencies (bsc#1117158). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_ACPI - ARM: iop: do not use using 64-bit DMA masks (bsc#1051510). - ARM: orion: do not use using 64-bit DMA masks (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() (jsc#SLE-4797). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - Bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bnx2x: Add support for detection of P2P event packets (bsc#1136498 jsc#SLE-4699). - bnx2x: Bump up driver version to 1.713.36 (bsc#1136498 jsc#SLE-4699). - bnx2x: fix spelling mistake 'dicline' -> 'decline' (bsc#1136498 jsc#SLE-4699). - bnx2x: fix various indentation issues (bsc#1136498 jsc#SLE-4699). - bnx2x: Remove set but not used variable 'mfw_vn' (bsc#1136498 jsc#SLE-4699). - bnx2x: Replace magic numbers with macro definitions (bsc#1136498 jsc#SLE-4699). - bnx2x: Use struct_size() in kzalloc() (bsc#1136498 jsc#SLE-4699). - bnx2x: Utilize FW 7.13.11.0 (bsc#1136498 jsc#SLE-4699). - bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224). - bnxt_en: Add support for BCM957504 (bsc#1137224). - bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954). - bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954). - bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix NULL pointer derefence during USB disconnect (bsc#1111666). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - broadcom: Mark expected switch fall-throughs (bsc#1136498 jsc#SLE-4699). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - chardev: add additional check for minor range overlap (bsc#1051510). - chelsio: use BUG() instead of BUG_ON(1) (bsc#1136345 jsc#SLE-4681). - config: arm64: enable CN99xx uncore pmu References: bsc#1117114 - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - cpufreq: Add Hygon Dhyana support (). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - crypto: chcr - ESN for Inline IPSec Tx (bsc#1136353 jsc#SLE-4688). - crypto: chcr - small packet Tx stalls the queue (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - avoid using sa_entry imm (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - check set_msg_len overflow in generate_b0 (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - cleanup:send addr as value in function argument (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - clean up various indentation issues (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - count incomplete block in IV (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fixed Traffic Stall (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix NULL pointer dereference (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix softlockup with heavy I/O (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix wrong error counter increments (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Handle PCI shutdown event (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Inline single pdu only (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variable 'kctx_len' (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variables 'adap' (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Reset counters on cxgb4 Detach (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Swap location of AAD and IV sent in WR (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Use same value for both channel in single WR (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove cdev_list_lock (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove set but not used variables 'err, adap, request, hws' (bsc#1136353 jsc#SLE-4688). - crypto: prefix header search paths with $(srctree)/ (bsc#1136353 jsc#SLE-4688). - crypto: qat - move temp buffers off the stack (jsc#SLE-4818). - crypto: qat - no need to check return value of debugfs_create functions (jsc#SLE-4818). - crypto: qat - Remove unused goto label (jsc#SLE-4818). - crypto: qat - Remove VLA usage (jsc#SLE-4818). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - cxgb4: Add new T6 PCI device ids 0x608b (bsc#1136345 jsc#SLE-4681). - cxgb4: add tcb flags and tcb rpl struct (bsc#1136345 jsc#SLE-4681). - cxgb4: Add VF Link state support (bsc#1136345 jsc#SLE-4681). - cxgb4/chtls: Prefix adapter flags with CXGB4 (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Display advertised FEC in ethtool (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Fix up netdev->hw_features (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf_main: Mark expected switch fall-through (bsc#1136345 jsc#SLE-4681). - cxgb4: Delete all hash and TCAM filters before resource cleanup (bsc#1136345 jsc#SLE-4681). - cxgb4: Do not return EAGAIN when TCAM is full (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable outer UDP checksum offload for T6 (bsc#1136345 jsc#SLE-4681). - cxgb4: Fix error path in cxgb4_init_module (bsc#1136345 jsc#SLE-4681). - cxgb4: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - cxgb4: kfree mhp after the debug print (bsc#1136345 jsc#SLE-4681). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1136345 jsc#SLE-4681). - cxgb4: remove DEFINE_SIMPLE_DEBUGFS_FILE() (bsc#1136345 jsc#SLE-4681). - cxgb4: remove set but not used variables 'multitrc, speed' (bsc#1136345 jsc#SLE-4681). - cxgb4: Revert 'cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size' (bsc#1136345 jsc#SLE-4681). - cxgb4: TLS record offload enable (bsc#1136345 jsc#SLE-4681). - cxgb4: Update 1.23.3.0 as the latest firmware supported (bsc#1136345 jsc#SLE-4681). - cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681). - cxgb4vf: Call netif_carrier_off properly in pci_probe (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Enter debugging mode if FW is inaccessible (bsc#1136347 jsc#SLE-4683). - cxgb4vf: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - cxgb4vf: Prefix adapter flags with CXGB4VF (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Revert force link up behaviour (bsc#1136347 jsc#SLE-4683). - dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666). - dmaengine: ioat: constify pci_device_id (jsc#SLE-5442). - dmaengine: ioatdma: add descriptor pre-fetch support for v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: Add intr_coalesce sysfs entry (jsc#SLE-5442). - dmaengine: ioatdma: Add Snow Ridge ioatdma device id (jsc#SLE-5442). - dmaengine: ioatdma: disable DCA enabling on IOATDMA v3.4 (jsc#SLE-5442). - dmaengine: ioatdma: set the completion address register after channel reset (jsc#SLE-5442). - dmaengine: ioatdma: support latency tolerance report (LTR) for v3.4 (jsc#SLE-5442). - dmaengine: ioat: do not use DMA_ERROR_CODE (jsc#SLE-5442). - dmaengine: ioat: fix prototype of ioat_enumerate_channels (jsc#SLE-5442). - dmaengine: pl330: _stop: clear interrupt status (bsc#1111666). - dmaengine: Replace WARN_TAINT_ONCE() with pr_warn_once() (jsc#SLE-5442). - dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666). - dmaengine: tegra210-adma: restore channel status (bsc#1111666). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - Documentation: Add MDS vulnerability documentation (bsc#1135642). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Documentation: perf: Add documentation for ThunderX2 PMU uncore driver (). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers/dma/ioat: Remove now-redundant smp_read_barrier_depends() (jsc#SLE-5442). - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver (). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm: add non-desktop quirk for Valve HMDs (bsc#1111666). - drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666). - drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666). - drm/amd/display: fix releasing planes when exiting odm (bsc#1111666). - drm/amd/display: Set stream->mode_changed when connectors change (bsc#1111666). - drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bsc#1111666). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bsc#1111666). - drm: do not block fb changes for async plane updates (bsc#1111666). - drm_dp_cec: add note about good MegaChips 2900 CEC support (bsc#1136978). - drm_dp_cec: check that aux has a transfer function (bsc#1136978). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915: Maintain consistent documentation subsection ordering (bsc#1111666). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/lease: Make sure implicit planes are leased (bsc#1111666). - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/msm: a5xx: fix possible object reference leak (bsc#1111666). - drm/msm: fix fb references in async update (bsc#1111666). - drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls (bsc#1111666). - drm/panel: otm8009a: Add delay at the end of initialization (bsc#1111666). - drm/pl111: fix possible object reference leak (bsc#1111666). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/sun4i: dsi: Change the start delay calculation (bsc#1111666). - drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666). - drm/sun4i: Fix sun8i HDMI PHY clock initialization (bsc#1111666). - drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz (bsc#1111666). - drm/v3d: Handle errors from IRQ setup (bsc#1111666). - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - e1000e: Disable runtime PM on CNP+ (jsc#SLE-4804). - e1000e: Exclude device from suspend direct complete optimization (jsc#SLE-4804). - e1000e: fix a missing check for return value (jsc#SLE-4804). - EDAC, amd64: Add Hygon Dhyana support (). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). Enable NFSv4.2 support - jsc@PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0 - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fm10k: TRIVIAL cleanup of extra spacing in function comment (jsc#SLE-4796). - fm10k: use struct_size() in kzalloc() (jsc#SLE-4796). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - HID: core: move Usage Page concatenation to Main item (bsc#1093389). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666). - i40e: Able to add up to 16 MAC filters on an untrusted VF (jsc#SLE-4797). - i40e: add new pci id for X710/XXV710 N3000 cards (jsc#SLE-4797). - i40e: add num_vectors checker in iwarp handler (jsc#SLE-4797). - i40e: Add support FEC configuration for Fortville 25G (jsc#SLE-4797). - i40e: Add support for X710 B/P & SFP+ cards (jsc#SLE-4797). - i40e: add tracking of AF_XDP ZC state for each queue pair (jsc#SLE-4797). - i40e: change behavior on PF in response to MDD event (jsc#SLE-4797). - i40e: Changed maximum supported FW API version to 1.8 (jsc#SLE-4797). - i40e: Change unmatched function types (jsc#SLE-4797). - i40e: check queue pairs num in config queues handler (jsc#SLE-4797). - i40e: clean up several indentation issues (jsc#SLE-4797). - i40e: do not allow changes to HW VLAN stripping on active port VLANs (jsc#SLE-4797). - i40e: Fix for 10G ports LED not blinking (jsc#SLE-4797). - i40e: Fix for allowing too many MDD events on VF (jsc#SLE-4797). - i40e: fix i40e_ptp_adjtime when given a negative delta (jsc#SLE-4797). - i40e: Fix misleading error message (jsc#SLE-4797). - i40e: fix misleading message about promisc setting on un-trusted VF (jsc#SLE-4797). - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c (jsc#SLE-4797). - i40e: Fix the typo in adding 40GE KR4 mode (jsc#SLE-4797). - i40e: Further implementation of LLDP (jsc#SLE-4797). - i40e: Implement DDP support in i40e driver (jsc#SLE-4797). - i40e: increase indentation (jsc#SLE-4797). - i40e: Introduce recovery mode support (jsc#SLE-4797). - i40e: Limiting RSS queues to CPUs (jsc#SLE-4797). - i40e: Memory leak in i40e_config_iwarp_qvlist (jsc#SLE-4797). - i40e: missing input validation on VF message handling by the PF (jsc#SLE-4797). - i40e: move i40e_xsk_umem function (jsc#SLE-4797). - i40e: print PCI vendor and device ID during probe (jsc#SLE-4797). - i40e: Queues are reserved despite 'Invalid argument' error (jsc#SLE-4797). - i40e: remove debugfs tx_timeout support (jsc#SLE-4797). - i40e: remove error msg when vf with port vlan tries to remove vlan 0 (jsc#SLE-4797). - i40e: Remove misleading messages for untrusted VF (jsc#SLE-4797). - i40e: remove out-of-range comparisons in i40e_validate_cloud_filter (jsc#SLE-4797). - i40e: Remove umem from VSI (jsc#SLE-4797). - i40e: Report advertised link modes on 40GBase_LR4, CR4 and fibre (jsc#SLE-4797). - i40e: Report advertised link modes on 40GBASE_SR4 (jsc#SLE-4797). - i40e: Revert ShadowRAM checksum calculation change (jsc#SLE-4797). - i40e: save PTP time before a device reset (jsc#SLE-4797). - i40e: Setting VF to VLAN 0 requires restart (jsc#SLE-4797). - i40e: ShadowRAM checksum calculation change (jsc#SLE-4797). - i40e: The driver now prints the API version in error message (jsc#SLE-4797). - i40e: Update i40e_init_dcb to return correct error (jsc#SLE-4797). - i40e: update version number (jsc#SLE-4797). - i40e: update version number (jsc#SLE-4797). - i40e: Use struct_size() in kzalloc() (jsc#SLE-4797). - i40e: VF's promiscuous attribute is not kept (jsc#SLE-4797). - i40e: Wrong truncation from u16 to u8 (jsc#SLE-4797). - i40iw: Avoid panic when handling the inetdev event (jsc#SLE-4793). - i40iw: remove support for ib_get_vector_affinity (jsc#SLE-4793). - i40iw: remove use of VLAN_TAG_PRESENT (jsc#SLE-4793). - IB/hfi1: Add debugfs to control expansion ROM write protect (jsc#SLE-4925). - IB/hfi1: Add selected Rcv counters (jsc#SLE-4925). - IB/hfi1: Close VNIC sdma_progress sleep window (jsc#SLE-4925). - IB/hfi1: Consider LMC in 16B/bypass ingress packet check (jsc#SLE-4925). - IB/hfi1: Correctly process FECN and BECN in packets (jsc#SLE-4925). - IB/hfi1: Dump pio info for non-user send contexts (jsc#SLE-4925). - IB/hfi1: Eliminate opcode tests on mr deref (jsc#SLE-4925). - IB/hfi1: Failed to drain send queue when QP is put into error state (jsc#SLE-4925). - IB/hfi1: Fix the allocation of RSM table (jsc#SLE-4925). - IB/hfi1: Fix two format strings (jsc#SLE-4925). - IB/hfi1: Fix WQ_MEM_RECLAIM warning (jsc#SLE-4925). - IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state (jsc#SLE-4925). - IB/hfi1: Incorrect sizing of sge for PIO will OOPs (jsc#SLE-4925). - IB/hfi1: Limit VNIC use of SDMA engines to the available count (jsc#SLE-4925). - IB/hfi1: Reduce lock contention on iowait_lock for sdma and pio (jsc#SLE-4925). - IB/hfi1: Remove overly conservative VM_EXEC flag check (jsc#SLE-4925). - IB/hfi1: Remove WARN_ON when freeing expected receive groups (jsc#SLE-4925). - IB/hfi1: Unreserve a reserved request when it is completed (jsc#SLE-4925). - IB/hw: Remove unneeded semicolons (bsc#1136456 jsc#SLE-4689). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace (jsc#SLE-4925). - IB/rdmavt: Fix frwr memory registration (jsc#SLE-4925). - IB/rdmavt: Fix loopback send with invalidate ordering (jsc#SLE-4925). - IB/{rdmavt, hfi1): Miscellaneous comment fixes (jsc#SLE-4925). - ice: Add 52 byte RSS hash key support (jsc#SLE-4803). - ice: add and use new ice_for_each_traffic_class() macro (jsc#SLE-4803). - ice: Add code for DCB initialization part 1/4 (jsc#SLE-4803). - ice: Add code for DCB initialization part 2/4 (jsc#SLE-4803). - ice: Add code for DCB initialization part 3/4 (jsc#SLE-4803). - ice: Add code for DCB initialization part 4/4 (jsc#SLE-4803). - ice: Add code for DCB rebuild (jsc#SLE-4803). - ice: Add code to control FW LLDP and DCBX (jsc#SLE-4803). - ice: Add code to get DCB related statistics (jsc#SLE-4803). - ice: Add code to process LLDP MIB change events (jsc#SLE-4803). - ice: add const qualifier to mac_addr parameter (jsc#SLE-4803). - ice: Add ethtool private flag to make forcing link down optional (jsc#SLE-4803). - ice: Add ethtool set_phys_id handler (jsc#SLE-4803). - ice: Add function to program ethertype based filter rule on VSIs (jsc#SLE-4803). - ice: Add missing case in print_link_msg for printing flow control (jsc#SLE-4803). - ice: Add missing PHY type to link settings (jsc#SLE-4803). - ice: Add more validation in ice_vc_cfg_irq_map_msg (jsc#SLE-4803). - ice: Add priority information into VLAN header (jsc#SLE-4803). - ice: Add reg_idx variable in ice_q_vector structure (jsc#SLE-4803). - ice: Add support for adaptive interrupt moderation (jsc#SLE-4803). - ice: Add support for new PHY types (jsc#SLE-4803). - ice: Add support for PF/VF promiscuous mode (jsc#SLE-4803). - ice: Allow for software timestamping (jsc#SLE-4803). - ice: Always free/allocate q_vectors (jsc#SLE-4803). - ice: Audit hotpath structures with pahole (jsc#SLE-4803). - ice: avoid multiple unnecessary de-references in probe (jsc#SLE-4803). - ice: Bump driver version (jsc#SLE-4803). - ice: Bump version (jsc#SLE-4803). - ice: Calculate ITR increment based on direct calculation (jsc#SLE-4803). - ice: change VF VSI tc info along with num_queues (jsc#SLE-4803). - ice: check for a leaf node presence (jsc#SLE-4803). - ice: clear VF ARQLEN register on reset (jsc#SLE-4803). - ice: code cleanup in ice_sched.c (jsc#SLE-4803). - ice: configure GLINT_ITR to always have an ITR gran of 2 (jsc#SLE-4803). - ice: Configure RSS LUT and HASH KEY in rebuild path (jsc#SLE-4803). - ice: Create a generic name for the ice_rx_flg64_bits structure (jsc#SLE-4803). - ice: Create framework for VSI queue context (jsc#SLE-4803). - ice: Determine descriptor count and ring size based on PAGE_SIZE (jsc#SLE-4803). - ice: Disable sniffing VF traffic on PF (jsc#SLE-4803). - ice: Do not bail out when filter already exists (jsc#SLE-4803). - ice: Do not let VF know that it is untrusted (jsc#SLE-4803). - ice: Do not remove VLAN filters that were never programmed (jsc#SLE-4803). - ice: Do not set LB_EN for prune switch rules (jsc#SLE-4803). - ice: do not spam VFs with link messages (jsc#SLE-4803). - ice: Do not unnecessarily initialize local variable (jsc#SLE-4803). - ice: Enable LAN_EN for the right recipes (jsc#SLE-4803). - ice: Enable link events over the ARQ (jsc#SLE-4803). - ice: Enable MAC anti-spoof by default (jsc#SLE-4803). - ice: enable VF admin queue interrupts (jsc#SLE-4803). - ice : Ensure only valid bits are set in ice_aq_set_phy_cfg (jsc#SLE-4803). - ice: Fix added in VSI supported nodes calc (jsc#SLE-4803). - ice: Fix broadcast traffic in port VLAN mode (jsc#SLE-4803). - ice: Fix for adaptive interrupt moderation (jsc#SLE-4803). - ice: Fix for allowing too many MDD events on VF (jsc#SLE-4803). - ice: Fix for FC get rx/tx pause params (jsc#SLE-4803). - ice: fix ice_remove_rule_internal vsi_list handling (jsc#SLE-4803). - ice: Fix incorrect use of abbreviations (jsc#SLE-4803). - ice: Fix issue reclaiming resources back to the pool after reset (jsc#SLE-4803). - ice: Fix issue reconfiguring VF queues (jsc#SLE-4803). - ice: Fix issue when adding more than allowed VLANs (jsc#SLE-4803). - ice: fix issue where host reboots on unload when iommu=on (jsc#SLE-4803). - ice: Fix issue with VF attempt to delete default MAC address (jsc#SLE-4803). - ice: Fix issue with VF reset and multiple VFs support on PFs (jsc#SLE-4803). - ice: fix numeric overflow warning (jsc#SLE-4803). - ice: fix overlong string, update stats output (jsc#SLE-4803). - ice: fix some function prototype and signature style issues (jsc#SLE-4803). - ice: fix stack hogs from struct ice_vsi_ctx structures (jsc#SLE-4803). - ice: fix static analysis warnings (jsc#SLE-4803). - ice: Fix the calculation of ICE_MAX_MTU (jsc#SLE-4803). - ice: fix the divide by zero issue (jsc#SLE-4803). - ice: Fix typos in code comments (jsc#SLE-4803). - ice: flush Tx pipe on disable queue timeout (jsc#SLE-4803). - ice: Gather the rx buf clean-up logic for better reuse (jsc#SLE-4803). - ice: Get resources per function (jsc#SLE-4803). - ice: Get rid of ice_pull_tail (jsc#SLE-4803). - ice: Get VF VSI instances directly via PF (jsc#SLE-4803). - ice: Implement flow to reset VFs with PFR and other resets (jsc#SLE-4803). - ice: Implement getting and setting ethtool coalesce (jsc#SLE-4803). - ice: Implement pci_error_handler ops (jsc#SLE-4803). - ice: Implement support for normal get_eeprom[_len] ethtool ops (jsc#SLE-4803). - ice: Introduce bulk update for page count (jsc#SLE-4803). - ice: Limit the ice_add_rx_frag to frag addition (jsc#SLE-4803). - ice: map Rx buffer pages with DMA attributes (jsc#SLE-4803). - ice: Move aggregator list into ice_hw instance (jsc#SLE-4803). - ice: Offload SCTP checksum (jsc#SLE-4803). - ice: only use the VF for ICE_VSI_VF in ice_vsi_release (jsc#SLE-4803). - ice: Preserve VLAN Rx stripping settings (jsc#SLE-4803). - ice: Prevent unintended multiple chain resets (jsc#SLE-4803). - ice: Pull out page reuse checks onto separate function (jsc#SLE-4803). - ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset (jsc#SLE-4803). - ice: Reduce scope of variable in ice_vsi_cfg_rxqs (jsc#SLE-4803). - ice: Refactor a few Tx scheduler functions (jsc#SLE-4803). - ice: Refactor getting/setting coalesce (jsc#SLE-4803). - ice: Refactor link event flow (jsc#SLE-4803). - ice: Remove '2 BITS' comment (jsc#SLE-4803). - ice: Remove __always_unused attribute (jsc#SLE-4803). - ice: remove redundant variable and if condition (jsc#SLE-4803). - ice: Remove runtime change of PFINT_OICR_ENA register (jsc#SLE-4803). - ice: Remove unnecessary braces (jsc#SLE-4803). - ice: Remove unnecessary newlines from log messages (jsc#SLE-4803). - ice: Remove unnecessary wait when disabling/enabling Rx queues (jsc#SLE-4803). - ice: Remove unused function prototype (jsc#SLE-4803). - ice: Remove unused function prototype (jsc#SLE-4803). - ice: Remove unused vsi_id field (jsc#SLE-4803). - ice: Reset all VFs with VFLR during SR-IOV init flow (jsc#SLE-4803). - ice: Resolve static analysis reported issue (jsc#SLE-4803). - ice: Restore VLAN switch rule if port VLAN existed before (jsc#SLE-4803). - ice: Retrieve rx_buf in separate function (jsc#SLE-4803). - ice: Return configuration error without queue to disable (jsc#SLE-4803). - ice: Rework queue management code for reuse (jsc#SLE-4803). - ice: Separate if conditions for ice_set_features() (jsc#SLE-4803). - ice: Set LAN_EN for all directional rules (jsc#SLE-4803). - ice: Set physical link up/down when an interface is set up/down (jsc#SLE-4803). - ice: sizeof(&lt;type>) should be avoided (jsc#SLE-4803). - ice: Suppress false-positive style issues reported by static analyzer (jsc#SLE-4803). - ice: Update comment regarding the ITR_GRAN_S (jsc#SLE-4803). - ice: Update function header for __ice_vsi_get_qs (jsc#SLE-4803). - ice: Update rings based on TC information (jsc#SLE-4803). - ice: update VSI config dynamically (jsc#SLE-4803). - ice: use absolute vector ID for VFs (jsc#SLE-4803). - ice: Use bitfields where possible (jsc#SLE-4803). - ice: Use dev_err when ice_cfg_vsi_lan fails (jsc#SLE-4803). - ice: Use ice_for_each_q_vector macro where possible (jsc#SLE-4803). - ice: use ice_for_each_vsi macro when possible (jsc#SLE-4803). - ice: use irq_num var in ice_vsi_req_irq_msix (jsc#SLE-4803). - ice: Use more efficient structures (jsc#SLE-4803). - ice: Use pf instead of vsi-back (jsc#SLE-4803). - ice: use virt channel status codes (jsc#SLE-4803). - ice: Validate ring existence and its q_vector per VSI (jsc#SLE-4803). - igb: Bump version number (jsc#SLE-4798). - igb: Exclude device from suspend direct complete optimization (jsc#SLE-4798). - igb: fix various indentation issues (jsc#SLE-4798). - igb: Fix WARN_ONCE on runtime suspend (jsc#SLE-4798). - igb: use struct_size() helper (jsc#SLE-4798). - igc: Add ethtool support (jsc#SLE-4799). - igc: Add multiple receive queues control supporting (jsc#SLE-4799). - igc: Add support for statistics (jsc#SLE-4799). - igc: Add support for the ntuple feature (jsc#SLE-4799). - igc: Extend the ethtool supporting (jsc#SLE-4799). - igc: Fix code redundancy (jsc#SLE-4799). - igc: Fix the typo in igc_base.h header definition (jsc#SLE-4799). - igc: Remove the 'igc_get_phy_id_base' method (jsc#SLE-4799). - igc: Remove the 'igc_read_mac_addr_base' method (jsc#SLE-4799). - igc: Remove unneeded code (jsc#SLE-4799). - igc: Remove unneeded hw_dbg prints (jsc#SLE-4799). - igc: Remove unreachable code from igc_phy.c file (jsc#SLE-4799). - igc: Remove unused code (jsc#SLE-4799). - igc: Use struct_size() helper (jsc#SLE-4799). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - include/linux/bitops.h: introduce BITS_PER_TYPE (bsc#1136345 jsc#SLE-4681). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - infiniband: hfi1: drop crazy DEBUGFS_SEQ_FILE_CREATE() macro (jsc#SLE-4925). - infiniband: hfi1: no need to check return value of debugfs_create functions (jsc#SLE-4925). - infiniband/qedr: Potential null ptr dereference of qp (bsc#1136456 jsc#SLE-4689). - intel: correct return from set features callback (jsc#SLE-4795). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - iw_cxgb4: Check for send WR also while posting write with completion WR (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: complete the cached SRQ buffers (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: fix srqidx leak during connection abort (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: Make function read_tcb() static (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: use listening ep tos when accepting new connections (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: use tos when finding ipv6 routes (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: use tos when importing the endpoint (bsc#1136348 jsc#SLE-4684). - iw_cxgb*: kzalloc the iwcm verbs struct (bsc#1136348 jsc#SLE-4684). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - ixgbe: fix mdio bus registration (jsc#SLE-4795). - ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN (jsc#SLE-4795). - ixgbe: register a mdiobus (jsc#SLE-4795). - ixgbe: remove magic constant in ixgbe_reset_hw_82599() (jsc#SLE-4795). - ixgbe: use mii_bus to handle MII related ioctls (jsc#SLE-4795). - ixgbe: Use struct_size() helper (jsc#SLE-4795). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kabi: arm64: cpuhotplug: Reuse other arch's cpuhp_state (). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi i40e ignore include (jsc#SLE-4797). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kABI: protect dma-mapping.h include (kabi). - kabi protect struct iw_cm_id (bsc#1136348 jsc#SLE-4684). - kABI: protect struct pci_dev (kabi). - kabi protect struct vf_info (bsc#1136347 jsc#SLE-4683). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kabi/severities: exclude hns3 symbols (bsc#1134948) - kabi/severities: exclude qed* symbols (bsc#1136461) - kabi/severities: missed hns roce module - kabi/severities: Whitelist airq_iv_* (s390-specific) - kabi/severities: Whitelist more s390x internal symbols - kabi/severities: Whitelist s390 internal-only symbols - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - KVM: s390: provide io interrupt kvm_stat (bsc#1136206). - KVM: s390: use created_vcpus in more places (bsc#1136206). - KVM: s390: vsie: fix &lt; 8k check for the itdba (bsc#1136206). - leds: avoid flush_work in atomic context (bsc#1051510). - libcxgb: fix incorrect ppmax calculation (bsc#1136345 jsc#SLE-4681). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mm-Fix-modifying-of-page-protection-by-insert_pfn.patch: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash (jsc#SLE-5358). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: chelsio: Add a missing check on cudg_get_buffer (bsc#1136345 jsc#SLE-4681). - net: cxgb4: fix various indentation issues (bsc#1136345 jsc#SLE-4681). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: add counter for times RX pages gets allocated (bsc#1104353 bsc#1134947). - net: hns3: add error handler for initializing command queue (bsc#1104353 bsc#1135058). - net: hns3: add function type check for debugfs help information (bsc#1104353 bsc#1134980). - net: hns3: Add handling of MAC tunnel interruption (bsc#1104353 bsc#1134983). - net: hns3: add hns3_gro_complete for HW GRO process (bsc#1104353 bsc#1135051). - net: hns3: add linearizing checking for TSO case (bsc#1104353 bsc#1134947). - net: hns3: add protect when handling mac addr list (bsc#1104353 ). - net: hns3: add queue's statistics update to service task (bsc#1104353 bsc#1134981). - net: hns3: add reset statistics for VF (bsc#1104353 bsc#1134995). - net: hns3: add reset statistics info for PF (bsc#1104353 bsc#1134995). - net: hns3: add some debug info for hclgevf_get_mbx_resp() (bsc#1104353 bsc#1134994). - net: hns3: add some debug information for hclge_check_event_cause (bsc#1104353 bsc#1134994). - net: hns3: add support for dump ncl config by debugfs (bsc#1104353 bsc#1134987). - net: hns3: Add support for netif message level settings (bsc#1104353 bsc#1134989). - net: hns3: adjust the timing of hns3_client_stop when unloading (bsc#1104353 bsc#1137201). - net: hns3: always assume no drop TC for performance reason (bsc#1104353 bsc#1135049). - net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings (bsc#1104353 bsc#1137201). - net: hns3: check resetting status in hns3_get_stats() (bsc#1104353 bsc#1137201). - net: hns3: code optimization for command queue' spin lock (bsc#1104353 bsc#1135042). - net: hns3: combine len and checksum handling for inner and outer header (bsc#1104353 bsc#1134947). - net: hns3: deactive the reset timer when reset successfully (bsc#1104353 bsc#1137201). - net: hns3: divide shared buffer between TC (bsc#1104353 bsc#1135047). - net: hns3: do not initialize MDIO bus when PHY is inexistent (bsc#1104353 bsc#1135045). - net: hns3: do not request reset when hardware resetting (bsc#1104353 bsc#1137201). - net: hns3: dump more information when tx timeout happens (bsc#1104353 bsc#1134990). - net: hns3: extend the loopback state acquisition time (bsc#1104353). - net: hns3: fix data race between ring->next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945). - net: hns3: fix error handling for desc filling (bsc#1104353 ). - net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro (bsc#1104353 bsc#1137201). - net: hns3: fix for tunnel type handling in hns3_rx_checksum (bsc#1104353 bsc#1134946). - net: hns3: fix for TX clean num when cleaning TX BD (bsc#1104353 ). - net: hns3: fix for vport->bw_limit overflow problem (bsc#1104353 bsc#1134998). - net: hns3: fix keep_alive_timer not stop problem (bsc#1104353 bsc#1135055). - net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() (bsc#1104353 bsc#1134990). - net: hns3: fix pause configure fail problem (bsc#1104353 bsc#1134951 bsc#1134951). - net: hns3: fix set port based VLAN for PF (bsc#1104353 bsc#1135053). - net: hns3: fix set port based VLAN issue for VF (bsc#1104353 bsc#1135053). - net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw() (bsc#1104353 bsc#1134999). - net: hns3: fix VLAN offload handle for VLAN inserted by port (bsc#1104353 bsc#1135053). - net: hns3: free the pending skb when clean RX ring (bsc#1104353 bsc#1135044). - net: hns3: handle pending reset while reset fail (bsc#1104353 bsc#1135058). - net: hns3: handle the BD info on the last BD of the packet (bsc#1104353 bsc#1134974). - net: hns3: ignore lower-level new coming reset (bsc#1104353 bsc#1137201). - net: hns3: Make hclge_destroy_cmd_queue static (bsc#1104353 bsc#1137201). - net: hns3: Make hclgevf_update_link_mode static (bsc#1104353 bsc#1137201). - net: hns3: minor optimization for datapath (bsc#1104353 ). - net: hns3: minor optimization for ring_space (bsc#1104353 ). - net: hns3: minor refactor for hns3_rx_checksum (bsc#1104353 bsc#1135052). - net: hns3: modify HNS3_NIC_STATE_INITED flag in hns3_reset_notify_uninit_enet (bsc#1104353). - net: hns3: modify the VF network port media type acquisition method (bsc#1104353 bsc#1137201). - net: hns3: modify VLAN initialization to be compatible with port based VLAN (bsc#1104353 bsc#1135053). - net: hns3: not reset TQP in the DOWN while VF resetting (bsc#1104353 bsc#1134952). - net: hns3: not reset vport who not alive when PF reset (bsc#1104353 bsc#1137201). - net: hns3: optimize the barrier using when cleaning TX BD (bsc#1104353 bsc#1134945). - net: hns3: prevent change MTU when resetting (bsc#1104353 bsc#1137201). - net: hns3: prevent double free in hns3_put_ring_config() (bsc#1104353 bsc#1134950). - net: hns3: reduce resources use in kdump kernel (bsc#1104353 bsc#1137201). - net: hns3: refactor BD filling for l2l3l4 info (bsc#1104353 bsc#1134947). - net: hns3: refine tx timeout count handle (bsc#1104353 bsc#1134990). - net: hns3: remove redundant assignment of l2_hdr to itself (bsc#1104353). - net: hns3: remove reset after command send failed (bsc#1104353 bsc#1134949). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: hns3: return 0 and print warning when hit duplicate MAC (bsc#1104353 bsc#1137201). - net: hns3: set dividual reset level for all RAS and MSI-X errors (bsc#1104353 bsc#1135046). - net: hns3: set up the vport alive state while reinitializing (bsc#1104353 bsc#1137201). - net: hns3: set vport alive state to default while resetting (bsc#1104353 bsc#1137201). - net: hns3: simplify hclgevf_cmd_csq_clean (bsc#1104353 ). - net: hns3: some cleanup for struct hns3_enet_ring (bsc#1104353 bsc#1134947). - net: hns3: split function hnae3_match_n_instantiate() (bsc#1104353). - net: hns3: stop mailbox handling when command queue need re-init (bsc#1104353 bsc#1135058). - net: hns3: stop sending keep alive msg when VF command queue needs reinit (bsc#1104353 bsc#1134972). - net: hns3: unify maybe_stop_tx for TSO and non-TSO case (bsc#1104353 bsc#1134947). - net: hns3: unify the page reusing for page size 4K and 64K (bsc#1104353 bsc#1134947). - net: hns3: use a reserved byte to identify need_resp flag (bsc#1104353). - net: hns3: use atomic_t replace u32 for arq's count (bsc#1104353 bsc#1134953). - net: hns3: use devm_kcalloc when allocating desc_cb (bsc#1104353 bsc#1134947). - net: hns3: use napi_schedule_irqoff in hard interrupts handlers (bsc#1104353 bsc#1134947). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ipv4: defensive cipso option parsing (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net: phy: marvell: add new default led configure for m88e151x (bsc#1135018). - net: phy: marvell: change default m88e1510 LED configuration (bsc#1135018). - net: phy: marvell: Enable interrupt function on LED2 pin (bsc#1135018). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net/tls: free ctx in sock destruct (bsc#1136353 jsc#SLE-4688). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - NFS add module option to limit NFSv4 minor version (jsc#PM-231). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - p54: drop device reference count if fails to enable device (bsc#1135642). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - PCI: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - PCI: Factor out pcie_retrain_link() function (git-fixes). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum (git-fixes). - perf tools: Add Hygon Dhyana support (). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226). - platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#SLE-5226). - platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226). - platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226). - platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226). - platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake 'faspath' -> 'fastpath' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake 'inculde' -> 'include' (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid PCI errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qla2xxx: kABI fixes for v10.00.00.14-k (bsc#1136215). - qla2xxx: kABI fixes for v10.01.00.15-k (bsc#1136215). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qlcnic: remove assumption that vlan_tci != 0 (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'cur_rings, max_hw_rings, tx_desc_info' (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'op, cmd_op' (bsc#1136469 jsc#SLE-4695). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - RDMA/cxbg: Use correct sizing on buffers holding page DMA addresses (bsc#1136348 jsc#SLE-4684). - RDMA/cxgb4: Do not expose DMA addresses (bsc#1136348 jsc#SLE-4684). - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure (bsc#1136348 jsc#SLE-4684). - RDMA/cxgb4: Fix spelling mistake 'immedate' -> 'immediate' (bsc#1136348 jsc#SLE-4684). - RDMA/cxgb4: Remove kref accounting for sync operation (bsc#1136348 jsc#SLE-4684). - RDMA/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684). - RDMA/hns: Add constraint on the setting of local ACK timeout (bsc#1104427 bsc#1137233). - RDMA/hns: Add SCC context allocation support for hip08 (bsc#1104427 bsc#1126206). - RDMA/hns: Add SCC context clr support for hip08 (bsc#1104427 bsc#1126206). - RDMA/hns: Add the process of AEQ overflow for hip08 (bsc#1104427 bsc#1126206). - RDMA/hns: Add timer allocation support for hip08 (bsc#1104427 bsc#1126206). - RDMA/hns: Bugfix for mapping user db (bsc#1104427 bsc#1137236). - RDMA/hns: Bugfix for posting multiple srq work request (bsc#1104427 bsc#1137236). - RDMA/hns: Bugfix for SCC hem free (bsc#1104427 bsc#1137236). - RDMA/hns: Bugfix for sending with invalidate (bsc#1104427 bsc#1137236). - RDMA/hns: Bugfix for set hem of SCC (bsc#1104427 bsc#1137236). - RDMA/hns: Bugfix for the scene without receiver queue (bsc#1104427 bsc#1137233). - RDMA/hns: Configure capacity of hns device (bsc#1104427 bsc#1137236). - RDMA/hns: Delete unused variable in hns_roce_v2_modify_qp function (bsc#1104427). - RDMA/hns: Delete useful prints for aeq subtype event (bsc#1104427 bsc#1126206). - RDMA/hns: Fix bad endianess of port_pd variable (bsc#1104427 ). - RDMA/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - RDMA/hns: Fix the bug with updating rq head pointer when flush cqe (bsc#1104427 bsc#1137233). - RDMA/hns: Fix the chip hanging caused by sending doorbell during reset (bsc#1104427 bsc#1137232). - RDMA/hns: Fix the chip hanging caused by sending mailbox&CMQ during reset (bsc#1104427 bsc#1137232). - RDMA/hns: Fix the Oops during rmmod or insmod ko when reset occurs (bsc#1104427 bsc#1137232). - RDMA/hns: Fix the state of rereg mr (bsc#1104427 bsc#1137236). - RDMA/hns: Hide error print information with roce vf device (bsc#1104427 bsc#1137236). - RDMA/hns: Limit minimum ROCE CQ depth to 64 (bsc#1104427 bsc#1137236). - RDMA/hns: Limit scope of hns_roce_cmq_send() (bsc#1104427 ). - RDMA/hns: Make some function static (bsc#1104427 bsc#1126206). - RDMA/hns: Modify qp&cq&pd specification according to UM (bsc#1104427 bsc#1137233). - RDMA/hns: Modify the pbl ba page size for hip08 (bsc#1104427 bsc#1137233). - RDMA/hns: Move spin_lock_irqsave to the correct place (bsc#1104427 bsc#1137236). - RDMA/hns: Only assgin some fields if the relatived attr_mask is set (bsc#1104427). - RDMA/hns: Only assign the fields of the rq psn if IB_QP_RQ_PSN is set (bsc#1104427). - RDMA/hns: Only assign the relatived fields of psn if IB_QP_SQ_PSN is set (bsc#1104427). - RDMA/hns: RDMA/hns: Assign rq head pointer when enable rq record db (bsc#1104427 bsc#1137236). - RDMA/hns: Remove jiffies operation in disable interrupt context (bsc#1104427 bsc#1137236). - RDMA/hns: Remove set but not used variable 'rst' (bsc#1104427 bsc#1126206). - RDMA/hns: Set allocated memory to zero for wrid (bsc#1104427 bsc#1137236). - RDMA/hns: Support to create 1M srq queue (bsc#1104427 ). - RDMA/hns: Update CQE specifications (bsc#1104427 bsc#1137236). - RDMA/hns: Update the range of raq_psn field of qp context (bsc#1104427). - RDMA/i40iw: Handle workqueue allocation failure (jsc#SLE-4793). - RDMA/iwcm: add tos_set bool to iw_cm struct (bsc#1136348 jsc#SLE-4684). - RDMA/iw_cxgb4: Always disconnect when QP is transitioning to TERMINATE state (bsc#1136348 jsc#SLE-4684). - RDMA/qedr: Fix incorrect device rate (bsc#1136188). - RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1136456 jsc#SLE-4689). - RDMA/rdmavt: Use correct sizing on buffers holding page DMA addresses (jsc#SLE-4925). - RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - Revert 'ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops' (bsc#1051510). - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range' (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtlwifi: fix potential NULL pointer dereference (bsc#1111666). - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390: enable processes for mio instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 bsc#1135153 LTC#173151). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390: show statistics for MSI IRQs (jsc#SLE-5789 bsc#1134730 LTC#173388). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 bsc#1135153 LTC#173151). - scsi: hisi: KABI ignore new symbols (bsc#1135038). - scsi: hisi_sas: add host reset interface for test (bsc#1135041). - scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() (bsc#1135033). - scsi: hisi_sas: Adjust the printk format of functions hisi_sas_init_device() (bsc#1135037). - scsi: hisi_sas: allocate different SAS address for directly attached situation (bsc#1135036). - scsi: hisi_sas: Do not fail IT nexus reset for Open Reject timeout (bsc#1135033). - scsi: hisi_sas: Do not hard reset disk during controller reset (bsc#1135034). - scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Remedy inconsistent PHY down state in software (bsc#1135039). - scsi: hisi_sas: remove the check of sas_dev status in hisi_sas_I_T_nexus_reset() (bsc#1135037). - scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port (bsc#1135037). - scsi: hisi_sas: Set PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Some misc tidy-up (bsc#1135031). - scsi: hisi_sas: Support all RAS events with MSI interrupts (bsc#1135035). - scsi: libsas: Do discovery on empty PHY to update PHY info (bsc#1135024). - scsi: libsas: Improve vague log in SAS rediscovery (bsc#1135027). - scsi: libsas: Inject revalidate event for root port event (bsc#1135026). - scsi: libsas: Print expander PHY indexes in decimal (bsc#1135021). - scsi: libsas: Stop hardcoding SAS address length (bsc#1135029). - scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery (bsc#1135028). - scsi: libsas: Try to retain programmed min linkrate for SATA min pathway unmatch fixing (bsc#1135028). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1136215). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1136215). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1136215). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1136215). - scsi: qla2xxx: Add protection mask module parameters (bsc#1136215). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1136215). - scsi: qla2xxx: Add support for setting port speed (bsc#1136215). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1136215). - scsi: qla2xxx: avoid printf format warning (bsc#1136215). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1136215). - scsi: qla2xxx: check for kstrtol() failure (bsc#1136215). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1136215). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1136215). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1136215). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1136215). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1136215). - scsi: qla2xxx: fix error message on &lt;qla2400 (bsc#1118139). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1136215). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1136215). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1136215). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1136215). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1136215). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1136215). - scsi: qla2xxx: Move marker request behind QPair (bsc#1136215). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1136215). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1136215). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1136215). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove FW default template (bsc#1136215). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1136215). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1136215). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1136215). - scsi: qla2xxx: Simplify conditional check again (bsc#1136215). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1136215). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1136215). - scsi: qla2xxx: Update flash read/write routine (bsc#1136215). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: zfcp: make DIX experimental, disabled, and independent of DIF (jsc#SLE-6772). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi-nor: intel-spi: Add support for Intel Comet Lake SPI serial flash (jsc#SLE-5358). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add cls_bpf, sch_ingress to kernel-default-base (bsc#1134743). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools/cpupower: Add Hygon Dhyana support (). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - Update config files for NFSv4.2 - Update cx2072x patches to follow the upstream development (bsc#1068546) - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - USB: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vhost: reject zero size iova range (networking-stable-19_04_19). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext (bsc#1111666). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/CPU: Add Icelake model number (jsc#SLE-5226). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86/xen: Add Hygon Dhyana support to Xen (). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xsk: export xdp_get_umem_from_qid (jsc#SLE-4797). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1093389 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1111666 SUSE bug 1111696 SUSE bug 1113722 SUSE bug 1115688 SUSE bug 1117114 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120902 SUSE bug 1124503 SUSE bug 1126206 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128432 SUSE bug 1130699 SUSE bug 1131673 SUSE bug 1133190 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134090 SUSE bug 1134671 SUSE bug 1134730 SUSE bug 1134738 SUSE bug 1134743 SUSE bug 1134806 SUSE bug 1134936 SUSE bug 1134945 SUSE bug 1134946 SUSE bug 1134947 SUSE bug 1134948 SUSE bug 1134949 SUSE bug 1134950 SUSE bug 1134951 SUSE bug 1134952 SUSE bug 1134953 SUSE bug 1134972 SUSE bug 1134974 SUSE bug 1134975 SUSE bug 1134980 SUSE bug 1134981 SUSE bug 1134983 SUSE bug 1134987 SUSE bug 1134989 SUSE bug 1134990 SUSE bug 1134994 SUSE bug 1134995 SUSE bug 1134998 SUSE bug 1134999 SUSE bug 1135018 SUSE bug 1135021 SUSE bug 1135024 SUSE bug 1135026 SUSE bug 1135027 SUSE bug 1135028 SUSE bug 1135029 SUSE bug 1135031 SUSE bug 1135033 SUSE bug 1135034 SUSE bug 1135035 SUSE bug 1135036 SUSE bug 1135037 SUSE bug 1135038 SUSE bug 1135039 SUSE bug 1135041 SUSE bug 1135042 SUSE bug 1135044 SUSE bug 1135045 SUSE bug 1135046 SUSE bug 1135047 SUSE bug 1135049 SUSE bug 1135051 SUSE bug 1135052 SUSE bug 1135053 SUSE bug 1135055 SUSE bug 1135056 SUSE bug 1135058 SUSE bug 1135153 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1136188 SUSE bug 1136206 SUSE bug 1136215 SUSE bug 1136345 SUSE bug 1136347 SUSE bug 1136348 SUSE bug 1136353 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136456 SUSE bug 1136460 SUSE bug 1136461 SUSE bug 1136469 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136498 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136598 SUSE bug 1136881 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1136978 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137201 SUSE bug 1137224 SUSE bug 1137232 SUSE bug 1137233 SUSE bug 1137236 SUSE bug 1137372 SUSE bug 1137429 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138336 SUSE bug 1138374 SUSE bug 1138375 CVE-2019-10124 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11487 CVE-2019-12380 CVE-2019-12382 CVE-2019-12456 CVE-2019-12818 CVE-2019-12819 CVE-2019-3846 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9022: Fixed a vulnerability which could allow a hostile DNS server to make PHP misuse memcpy (bsc#1126827). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Other issue addressed: - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). - Enabled php7 testsuite (bsc#1119396). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1118832 SUSE bug 1119396 SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1126827 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 SUSE bug 1129032 SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2018-19935 CVE-2018-20783 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1124493 CVE-2019-3820 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following security issues: - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1137595 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1124194 SUSE bug 1132657 SUSE bug 1132879 SUSE bug 1135247 CVE-2018-16838 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033086 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1106390 SUSE bug 1107066 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1136183 SUSE bug 1136732 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11598 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: Security issues fixed: - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). - CVE-2019-11707: Fixed a type confusion in Array.pop (bsc#1138872). - CVE-2019-11708: Fixed a sandbox escape using Prompt:Open (bsc#1138872). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1137595 SUSE bug 1138872 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 CVE-2019-11707 CVE-2019-11708 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for enigmail fixes the following issues: enigmail was updated to 2.0.11: * CVE-2019-12269: Specially crafted inline PGP messages could spoof a 'correctly signed' message (boo#1135855) enigmail was updated to 2.0.10: * various bug fixes for configuring and handling encrypted e-mail * UI fixes for dialogs, messages, and dark Thunderbird themes Important SUSE bug 1135855 CVE-2019-12269 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for aubio fixes the following issues: Fixed security issues leading to buffer overflows or segfaults (CVE-2018-19800, boo#1137828, CVE-2018-19801, boo#1137822, CVE-2018-19802, boo#1137823): Moderate SUSE bug 1137822 SUSE bug 1137823 SUSE bug 1137828 CVE-2018-19800 CVE-2018-19801 CVE-2018-19802 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: - disable indirect reads that disclosed file contents from the local system (boo#1138425) Moderate SUSE bug 1138425 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for docker fixes the following issues: Security issue fixed: - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1096726 CVE-2018-15664 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for SDL2 fixes the following issues: - Remove the fix for CVE-2019-7637, the modification of function SDL_CalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. (bsc#1134135) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1124825 SUSE bug 1134135 CVE-2019-7637 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ansible fixes the following issues: Ansible was updated to version 2.8.1: Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix 'Interface not found' errors when using eos_l2_interface with nonexistant interfaces configured - Fix cannot get credential when `source_auth` set to `credential_file`. - Fix netconf_config backup string issue - Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password). - Fix vyos cli prompt inspection - Fixed loading namespaced documentation fragments from collections. - Fixing bug came up after running cnos_vrf module against coverity. - Properly handle data importer failures on PVC creation, instead of timing out. - To fix the ios static route TC failure in CI - To fix the nios member module params - To fix the nios_zone module idempotency failure - add terminal initial prompt for initial connection - allow include_role to work with ansible command - allow python_requirements_facts to report on dependencies containing dashes - asa_config fix - azure_rm_roledefinition - fix a small error in build scope. - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network peering. - cgroup_perf_recap - When not using file_per_task, make sure we don't prematurely close the perf files - display underlying error when reporting an invalid ``tasks:`` block. - dnf - fix wildcard matching for state: absent - docker connection plugin - accept version ``dev`` as 'newest version' and print warning. - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check. - docker_container - fix network creation when ``networks_cli_compatible`` is enabled. - docker_container - use docker API's ``restart`` instead of ``stop``/``start`` to restart a container. - docker_image - if ``build`` was not specified, the wrong default for ``build.rm`` is used. - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the module failed. - docker_image - module failed when ``source: build`` was set but ``build.path`` options not specified. - docker_network module - fix idempotency when using ``aux_addresses`` in ``ipam_config``. - ec2_instance - make Name tag idempotent - eos: don't fail modules without become set, instead show message and continue - eos_config: check for session support when asked to 'diff_against: session' - eos_eapi: fix idempotency issues when vrf was unspecified. - fix bugs for ce - more info see - fix incorrect uses of to_native that should be to_text instead. - hcloud_volume - Fix idempotency when attaching a server to a volume. - ibm_storage - Added a check for null fields in ibm_storage utils module. - include_tasks - whitelist ``listen`` as a valid keyword - k8s - resource updates applied with force work correctly now - keep results subset also when not no_log. - meraki_switchport - improve reliability with native VLAN functionality. - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality - netapp_e_volumes - fix workload profileId indexing when no previous workload tags exist on the storage array. - nxos_acl some platforms/versions raise when no ACLs are present - nxos_facts fix <https://github.com/ansible/ansible/pull/57009> - nxos_file_copy fix passwordless workflow - nxos_interface Fix admin_state check for n6k - nxos_snmp_traps fix group all for N35 platforms - nxos_snmp_user fix platform fixes for get_snmp_user - nxos_vlan mode idempotence bug - nxos_vlan vlan names containing regex ctl chars should be escaped - nxos_vtp_* modules fix n6k issues - openssl_certificate - fix private key passphrase handling for ``cryptography`` backend. - openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time. - os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk - pass correct loading context to persistent connections other than local - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux - postgresql - added initial SSL related tests - postgresql - added missing_required_libs, removed excess param mapping - postgresql - move connect_to_db and get_pg_version into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514) - postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297) - postgresql_db - fix for postgresql_db fails if stderr contains output - postgresql_ping - fixed a typo in the module documentation - preserve actual ssh error when we cannot connect. - route53_facts - the module did not advertise check mode support, causing it not to be run in check mode. - sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695) - ufw - correctly check status when logging is off - uri - always return a value for status even during failure - urls - Handle redirects properly for IPv6 address by not splitting on ``:`` and rely on already parsed hostname and port values - vmware_vm_facts - fix the support with regular ESXi - vyos_interface fix <https://github.com/ansible/ansible/pull/57169> - we don't really need to template vars on definition as we do this on demand in templating. - win_acl - Fix qualifier parser when using UNC paths - - win_hostname - Fix non netbios compliant name handling - winrm - Fix issue when attempting to parse CLIXML on send input failure - xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off. - xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once. - yum - Fix false error message about autoremove not being supported - yum - fix failure when using ``update_cache`` standalone - yum - handle special '_none_' value for proxy in yum.conf and .repo files Update to version 2.8.0 Major changes: * Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces. * Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansible_python_interpreter or via config. (see https://github.com/ansible/ansible/pull/50163) * become - The deprecated CLI arguments for --sudo, --sudo-user, --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become, --become-user, --become-method, and --ask-become-pass. * become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991) - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837 For the full changelog see /usr/share/doc/packages/ansible/changelogs or online: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst Moderate SUSE bug 1109957 SUSE bug 1112959 SUSE bug 1118896 SUSE bug 1126503 CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for exempi fixes the following issues: - CVE-2018-12648: Fixed a NULL pointer dereference (crash) issue when processing webp files (bsc#1098946). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1098946 CVE-2018-12648 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287): * CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332: * CVE-2019-5828: Use after free in ServiceWorker * CVE-2019-5829: Use after free in Download Manager * CVE-2019-5830: Incorrectly credentialed requests in CORS * CVE-2019-5831: Incorrect map processing in V8 * CVE-2019-5832: Incorrect CORS handling in XHR * CVE-2019-5833: Inconsistent security UI placemen * CVE-2019-5835: Out of bounds read in Swiftshader * CVE-2019-5836: Heap buffer overflow in Angle * CVE-2019-5837: Cross-origin resources size disclosure in Appcache * CVE-2019-5838: Overly permissive tab access in Extensions * CVE-2019-5839: Incorrect handling of certain code points in Blink * CVE-2019-5840: Popup blocker bypass * Various fixes from internal audits, fuzzing and other initiatives * CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169: * Feature fixes update only Update to 74.0.3729.157: * Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): * CVE-2019-5827: Out-of-bounds access in SQLite * CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313: * CVE-2019-5805: Use after free in PDFium * CVE-2019-5806: Integer overflow in Angle * CVE-2019-5807: Memory corruption in V8 * CVE-2019-5808: Use after free in Blink * CVE-2019-5809: Use after free in Blink * CVE-2019-5810: User information disclosure in Autofill * CVE-2019-5811: CORS bypass in Blink * CVE-2019-5813: Out of bounds read in V8 * CVE-2019-5814: CORS bypass in Blink * CVE-2019-5815: Heap buffer overflow in Blink * CVE-2019-5818: Uninitialized value in media reader * CVE-2019-5819: Incorrect escaping in developer tools * CVE-2019-5820: Integer overflow in PDFium * CVE-2019-5821: Integer overflow in PDFium * CVE-2019-5822: CORS bypass in download manager * CVE-2019-5823: Forced navigation from service worker * CVE-2019-5812: URL spoof in Omnibox on iOS * CVE-2019-5816: Exploit persistence extension on Android * CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103: * Various feature fixes Update to 73.0.3683.86: * Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059: * CVE-2019-5787: Use after free in Canvas. * CVE-2019-5788: Use after free in FileAPI. * CVE-2019-5789: Use after free in WebMIDI. * CVE-2019-5790: Heap buffer overflow in V8. * CVE-2019-5791: Type confusion in V8. * CVE-2019-5792: Integer overflow in PDFium. * CVE-2019-5793: Excessive permissions for private API in Extensions. * CVE-2019-5794: Security UI spoofing. * CVE-2019-5795: Integer overflow in PDFium. * CVE-2019-5796: Race condition in Extensions. * CVE-2019-5797: Race condition in DOMStorage. * CVE-2019-5798: Out of bounds read in Skia. * CVE-2019-5799: CSP bypass with blob URL. * CVE-2019-5800: CSP bypass with blob URL. * CVE-2019-5801: Incorrect Omnibox display on iOS. * CVE-2019-5802: Security UI spoofing. * CVE-2019-5803: CSP bypass with Javascript URLs'. * CVE-2019-5804: Command line command injection on Windows. Important SUSE bug 1129059 SUSE bug 1133313 SUSE bug 1134218 SUSE bug 1137332 SUSE bug 1138287 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 CVE-2019-5802 CVE-2019-5803 CVE-2019-5804 CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for evince provides the following fixes: Security issue fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of unitialized use of memory (bsc#1133037). Other issue addressed: - Removed Supplements from psdocument package, so that it isn't pulled in by default (bsc#1122794). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1122794 SUSE bug 1133037 CVE-2019-11459 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1136021 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libheimdal fixes the following issues: libheimdal was updated to version 7.7.0: + Bug fixes: - PKCS#11 hcrypto back-end: + initialize the p11_module_load function list + verify that not only is a mechanism present but that its mechanism info states that it offers the required encryption, decryption or digest services - krb5: + Starting with 7.6, Heimdal permitted requesting authenticated anonymous tickets. However, it did not verify that a KDC in fact returned an anonymous ticket when one was requested. + Cease setting the KDCOption reaquest_anonymous flag when issuing S4UProxy (constrained delegation) TGS requests. + when the Win2K PKINIT compatibility option is set, do not require krbtgt otherName to match when validating KDC certificate. + set PKINIT_BTMM flag per Apple implementation + use memset_s() instead of memset() - kdc: + When generating KRB5SignedPath in the AS, use the reply client name rather than the one from the request, so validation will work correctly in the TGS. + allow checksum of PA-FOR-USER to be HMAC_MD5. Even if TGT used an enctype with a different checksum. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what Windows and MIT clients send. In Heimdal both the client and kdc use instead the checksum of the TGT, and therefore work with each other but Windows and MIT clients fail against Heimdal KDC. Both Windows and MIT KDC would allow any keyed checksum to be used so Heimdal client work fine against it. Change Heimdal KDC to allow HMAC_MD5 even for non RC4 based TGT in order to support per-spec clients. + use memset_s() instead of memset() + Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy (constrained delegation) TGS Requests with the request anonymous flag set. These requests will be treated as S4UProxy requests and not anonymous requests. - HDB: + Set SQLite3 backend default page size to 8KB. + Add hdb_set_sync() method - kadmind: + disable HDB sync during database load avoiding unnecessary disk i/o. - ipropd: + disable HDB sync during receive_everything. Doing an fsync per-record when receiving the complete HDB is a performance disaster. Among other things, if the HDB is very large, then one slave receving a full HDB can cause other slaves to timeout and, if HDB write activity is high enough to cause iprop log truncation, then also need full syncs, which leads to a cycle of full syncs for all slaves until HDB write activity drops. Allowing the iprop log to be larger helps, but improving receive_everything() performance helps even more. - kinit: + Anonymous PKINIT tickets discard the realm information used to locate the issuing AS. Store the issuing realm in the credentials cache in order to locate a KDC which can renew them. + Do not leak the result of krb5_cc_get_config() when determining anonymous PKINIT start realm. - klist: + Show transited-policy-checked, ok-as-delegate and anonymous flags when listing credentials. - tests: + Regenerate certs so that they expire before the 2038 armageddon so the test suite will pass on 32-bit operating systems until the underlying issues can be resolved. - documentation: + rename verify-password to verify-password-quality + hprop default mode is encrypt + kadmind 'all' permission does not include 'get-keys' + verify-password-quality might not be stateless Version 7.6.0: + Security (#555): - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum When the Heimdal KDC checks the checksum that is placed on the S4U2Self packet by the server to protect the requested principal against modification, it does not confirm that the checksum algorithm that protects the user name (principal) in the request is keyed. This allows a man-in-the-middle attacker who can intercept the request to the KDC to modify the packet by replacing the user name (principal) in the request with any desired user name (principal) that exists in the KDC and replace the checksum protecting that name with a CRC32 checksum (which requires no prior knowledge to compute). This would allow a S4U2Self ticket requested on behalf of user name (principal) user@EXAMPLE.COM to any service to be changed to a S4U2Self ticket with a user name (principal) of Administrator@EXAMPLE.COM. This ticket would then contain the PAC of the modified user name (principal). - CVE-2019-12098, client-only: RFC8062 Section 7 requires verification of the PA-PKINIT-KX key exchange when anonymous PKINIT is used. Failure to do so can permit an active attacker to become a man-in-the-middle. + Bug fixes: - Happy eyeballs: Don't wait for responses from known-unreachable KDCs. - kdc: + check return copy_Realm, copy_PrincipalName, copy_EncryptionKey - kinit: + cleanup temporary ccaches + see man page for 'kinit --anonymous' command line syntax change - kdc: + Make anonymous AS-requests more RFC8062-compliant. Updated expired test certificates + Features: - kuser: support authenticated anonymous AS-REQs in kinit - kdc: support for anonymous TGS-REQs - kgetcred support for anonymous service tickets - Support builds with OpenSSL 1.1.1 Moderate SUSE bug 1047218 SUSE bug 1084909 CVE-2018-16860 CVE-2019-12098 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.0.1: * Several issues with SYSTEM VERSIONING tables * Fixed json encode error in export * Fixed JavaScript events not activating on input (sql bookmark issue) * Show Designer combo boxes when adding a constraint * Fix edit view * Fixed invalid default value for bit field * Fix several errors relating to GIS data types * Fixed javascript error PMA_messages is not defined * Fixed import XML data with leading zeros * Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4) * Fixed MySQL 8.0.0 issues with GIS display * Fixed 'Server charset' in 'Database server' tab showing wrong information * Fixed can not copy user on Percona Server 5.7 * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF vulnerability in login form https://www.phpmyadmin.net/security/PMASA-2019-4/ - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661: Fixed SQL injection in Designer feature https://www.phpmyadmin.net/security/PMASA-2019-3/ Moderate SUSE bug 1137496 SUSE bug 1137497 CVE-2019-11768 CVE-2019-12616 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for irssi fixes the following issues: irssi was updated to 1.1.3: - CVE-2019-13045: Fix a use after free issue when sending the SASL login on (automatic and manual) reconnects (#1055, #1058) (boo#1139802) - Fix regression of #779 where autolog_ignore_targets would not matching itemless windows anymore (#1012, #1013) Moderate SUSE bug 1139802 CVE-2019-13045 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gvfs fixes the following issues: Security issues fixed: - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed: - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1125433 SUSE bug 1136981 SUSE bug 1136986 SUSE bug 1136992 SUSE bug 1137930 CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1128140 SUSE bug 1135727 SUSE bug 1135729 CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). This update was imported from the SUSE:SLE-15-SP1:Update update project. Low SUSE bug 1137314 SUSE bug 1139913 CVE-2019-10153 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1137835 CVE-2019-12779 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). - CVE-2019-10168: Fixed an issue with virConnect*HypervisorCPU API which could have been used to execute arbitrary emulators (bsc#1138305). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1138301 SUSE bug 1138302 SUSE bug 1138303 SUSE bug 1138305 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: Security issues fixed: - CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815). Other issues fixed: - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698) - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1125601 SUSE bug 1130245 SUSE bug 1134452 SUSE bug 1134697 SUSE bug 1137815 CVE-2019-12435 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1133738). - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bnc#1138263). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - ACPICA: Clear status of GPEs on first direct enable (bsc#1111666). - ACPI: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - ACPI: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - Documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base/devres: introduce devm_release_action() (bsc#1103992 FATE#326009). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm/i915: Add new AML_ULX support list (jsc#SLE-4986). - drm/i915: Add new ICL PCI ID (jsc#SLE-4986). - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986). - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986). - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986). - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986). - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986). - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986). - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986). - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986). - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986). - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986). - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986). - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735). - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735). - hwmon: (k10temp) Add support for family 17h (FATE#327735). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735). - hwmon: (k10temp) Add support for temperature offsets (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735). - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735). - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735). - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735). - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735). - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735). - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735). - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735). - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685 FATE#325854). - IB/hfi1: Create inline to get extended headers (bsc#1114685 FATE#325854). - IB/hfi1: Validate fault injection opcode user input (bsc#1114685 FATE#325854). - IB/mlx5: Verify DEVX general object type correctly (bsc#1103991 FATE#326007). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056). - kabi workaround for asus-wmi changes (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master. - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992 FATE#326009). - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990 FATE#326006). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 FATE#326006). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990 FATE#326006). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 FATE#326006). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990 FATE#326006). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 FATE#326006). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 FATE#326006). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990 FATE#326006). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 FATE#326006). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 FATE#326007). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991 FATE#326007). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113 FATE#326472). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - nl80211: fix station_info pertid memory leak (bsc#1051510). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803). - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803 FATE#327056). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803). - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056). - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803). - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056). - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992 FATE#326009). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - PM: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix -$gt;ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992 FATE#326009). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991 FATE#326007). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991 FATE#326007). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992 FATE#326009). - Refresh patches.fixes/scsi-Introduce-scsi_start_queue.patch (bsc#1119532). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Reshuffle patches to match series_sort.py - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1138879). - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990). - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990 FATE#326006). - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()'' - Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189) - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' This broke the build with older gcc instead. - Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/pci: improve bar check (jsc#SLE-5803). - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056). - s390/pci: map IOV resources (jsc#SLE-5803). - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056). - s390/pci: skip VF scanning (jsc#SLE-5803). - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake 'Retreiving' -gt; 'Retrieving' (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sort patches to proper position - squash patches.fixes/tcp-fix-fack_count-accounting-on-tcp_shift_skb_data.patch into patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patch to match what stable backports do - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty: max310x: Fix external crystal register setup (bsc#1051510). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - xdp: check device pointer before clearing (bsc#1109837). - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1103990 SUSE bug 1103991 SUSE bug 1103992 SUSE bug 1106383 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112374 SUSE bug 1114279 SUSE bug 1114685 SUSE bug 1119113 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1125703 SUSE bug 1128902 SUSE bug 1130836 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136156 SUSE bug 1136157 SUSE bug 1136161 SUSE bug 1136264 SUSE bug 1136271 SUSE bug 1136333 SUSE bug 1136343 SUSE bug 1136462 SUSE bug 1136935 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137366 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137985 SUSE bug 1138263 SUSE bug 1138589 SUSE bug 1138681 SUSE bug 1138719 SUSE bug 1138732 SUSE bug 1138879 SUSE bug 1139712 SUSE bug 1139771 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140228 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140454 SUSE bug 1140463 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140948 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-12614 CVE-2019-12817 CVE-2019-13233 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for neovim fixes the following issues: neovim was updated to version 0.3.7: * CVE-2019-12735: source should check sandbox (boo#1137443) * genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: * options: properly reset directories on 'autochdir' * Remove MSVC optimization workaround for SHM_ALL * Make SHM_ALL to a variable instead of a compound literal #define * doc: mention 'pynvim' module rename * screen: don't crash when drawing popupmenu with 'rightleft' option * look-behind match may use the wrong line number * :terminal : set topline based on window height * :recover : Fix crash on non-existent *.swp Version Update to version 0.3.4: * test: add tests for conceal cursor movement * display: unify ursorline and concealcursor redraw logic Version Update to version 0.3.3: * health/provider: Check for available pynvim when neovim mod is missing * python#CheckForModule: Use the given module string instead of hard-coding pynvim * (health.provider)/python: Import the neovim, rather than pynvim, module * TUI: Konsole DECSCUSR fixup Version Update to version 0.3.2:- * Features - clipboard: support Custom VimL functions (#9304) - win/TUI: improve terminal/console support (#9401) - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077) - support mapping in more places (#9299) - diff/highlight: show underline for low-priority CursorLine (#9028) - signs: Add 'nuhml' argument (#9113) - clipboard: support Wayland (#9230) - TUI: add support for undercurl and underline color (#9052) - man.vim: soft (dynamic) wrap (#9023) * API - API: implement object namespaces (#6920) - API: implement nvim_win_set_buf() (#9100) - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180) - API: add nvim_buf_is_loaded() (#8660) - API: nvm_buf_get_offset_for_line (#8221) - API/UI: ext_newgrid, ext_histate (#8221) * UI - TUI: use BCE again more often (smoother resize) (#8806) - screen: add missing status redraw when redraw_later(CLEAR) was used (#9315) - TUI: clip invalid regions on resize (#8779) - TUI: improvements for scrolling and clearing (#9193) - TUI: disable clearing almost everywhere (#9143) - TUI: always use safe cursor movement after resize (#9079) - ui_options: also send when starting or from OptionSet (#9211) - TUI: Avoid reset_color_cursor_color in old VTE (#9191) - Don't erase screen on :hi Normal during startup (#9021) - TUI: Hint wrapped lines to terminals (#8915) * FIXES - RPC: turn errors from async calls into notifications - TUI: Restore terminal title via 'title stacking' (#9407) - genappimage: Unset $ARGV0 at invocation (#9376) - TUI: Konsole 18.07.70 supports DECSCUSR (#9364) - provider: improve error message (#9344) - runtime/syntax: Fix highlighting of autogroup contents (#9328) - VimL/confirm(): Show dialog even if :silent (#9297) - clipboard: prefer xclip (#9302) - provider/nodejs: fix npm, yarn detection - channel: avoid buffering output when only terminal is active (#9218) - ruby: detect rbenv shims for other versions (#8733) - third party/unibilium: Fix parsing of extended capabilitiy entries (#9123) - jobstart(): Fix hang on non-executable cwd (#9204) - provide/nodejs: Simultaneously query npm and yarn (#9054) - undo: Fix infinite loop if undo_read_byte returns EOF (#2880) - 'swapfile: always show dialog' (#9034) - Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages. - Add /usr/share/vim/site tree of directories to be owned by neovim as well. Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1137825 CVE-2019-12387 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1133291 SUSE bug 1135715 CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) - Correctly mark license files as licence instead of documentation (bsc#1082318) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1082318 SUSE bug 1140255 CVE-2019-13132 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kernel-firmware fixes the following issues: kernel-firmware was updated to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2019-9836, bsc#1139383) * linux-firmware: update licence text for Marvell firmware * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * amlogic: add video decoder firmwares * iwlwifi: update -46 firmwares for 22260 and 9000 series * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares * iwlwifi: add -46.ucode firmwares for 9000 series * amdgpu: update vega20 to the latest 19.10 firmware * amdgpu: update vega12 to the latest 19.10 firmware * amdgpu: update vega10 to the latest 19.10 firmware * amdgpu: update polaris11 to the latest 19.10 firmware * amdgpu: update polaris10 to the latest 19.10 firmware * amdgpu: update raven2 to the latest 19.10 firmware * amdgpu: update raven to the latest 19.10 firmware * amdgpu: update picasso to the latest 19.10 firmware * linux-firmware: update fw for qat devices * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122 * drm/i915/firmware: Add ICL HuC v8.4.3238 * drm/i915/firmware: Add ICL GuC v32.0.3 * drm/i915/firmware: Add GLK HuC v03.01.2893 * drm/i915/firmware: Add GLK GuC v32.0.3 * drm/i915/firmware: Add KBL GuC v32.0.3 * drm/i915/firmware: Add SKL GuC v32.0.3 * drm/i915/firmware: Add BXT GuC v32.0.3 * linux-firmware: Add firmware file for Intel Bluetooth 22161 * cxgb4: update firmware to revision 1.23.4.0 (bsc#1136334) * linux-firmware: Update NXP Management Complex firmware to version 10.14.3 * linux-firmware: add firmware for MT7615E * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change. * linux-firmware: update Marvell 8797/8997 firmware images * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1136334 SUSE bug 1136498 SUSE bug 1139383 CVE-2019-9836 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627) - CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623) - CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622) - CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620) - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617) - CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611) Ruby 2.5 was updated to 2.5.3: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives (bsc#1112532) - CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly (bsc#1112530) Ruby 2.5 was updated to 2.5.1: This release includes some bug fixes and some security fixes. Security issues fixed: - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434) - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441) - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436) - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433) - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440) - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437) - Multiple vulnerabilities in RubyGems were fixed: - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058) - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014) - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011) - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010) - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009) - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008) - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007) Other changes: - Fixed Net::POPMail methods modify frozen literal when using default arg - ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790) - build with PIE support (bsc#1130028) Changes in ruby-bundled-gems-rpmhelper: - Add a new helper for bundled ruby gems. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130028 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1133790 CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-9.html * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1134689 SUSE bug 1138034 CVE-2019-10130 CVE-2019-10164 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for znc to version 1.7.4 fixes the following issues: Security issues fixed: - CVE-2019-12816: Fixed a remote code execution in Modules.cpp (boo#1138572). - CVE-2019-9917: Fixed a denial of service on invalid encoding (boo#1130360). Important SUSE bug 1130360 SUSE bug 1138572 CVE-2019-12816 CVE-2019-9917 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1138172 SUSE bug 1138173 CVE-2019-11039 CVE-2019-11040 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ledger fixes the following issues: ledger was updated to 3.1.3: + Properly reject postings with a comment right after the flag (bug #1753) + Make sorting order of lot information deterministic (bug #1747) + Fix bug in tag value parsing (bug #1702) + Remove the org command, which was always a hack to begin with (bug #1706) + Provide Docker information in README + Various small documentation improvements This also includes the update to 3.1.2: + Increase maximum length for regex from 255 to 4095 (bug #981) + Initialize periods from from/since clause rather than earliest transaction date (bug #1159) + Check balance assertions against the amount after the posting (bug #1147) + Allow balance assertions with multiple posts to same account (bug #1187) + Fix period duration of 'every X days' and similar statements (bug #370) + Make option --force-color not require --color anymore (bug #1109) + Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting. + Add support for --prepend-format in accounts command + Fix handling of edge cases in trim function (bug #520) + Fix auto xact posts not getting applied to account total during journal parse (bug #552) + Transfer null_post flags to generated postings + Fix segfault when using --market with --group-by + Use amount_width variable for budget report + Keep pending items in budgets until the last day they apply + Fix bug where .total used in value expressions breaks totals + Make automated transactions work with assertions (bug #1127) + Improve parsing of date tokens (bug #1626) + Don't attempt to invert a value if it's already zero (bug #1703) + Do not parse user-specified init-file twice + Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303, CVE-2017-2807) + Fix use-after-free issue with deferred postings (bug #1723, TALOS-2017-0304, CVE-2017-2808) + Fix possible stack overflow in option parsing routine (bug #1222, CVE-2017-12481) + Fix possible stack overflow in date parsing routine (bug #1224, CVE-2017-12482) + Fix use-after-free when using --gain (bug #541) + Python: Removed double quotes from Unicode values. + Python: Ensure that parse errors produce useful RuntimeErrors + Python: Expose journal expand_aliases + Python: Expose journal_t::register_account + Improve bash completion + Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode + Various documentation improvements Moderate SUSE bug 1052478 SUSE bug 1052484 SUSE bug 1105084 CVE-2017-12481 CVE-2017-12482 CVE-2017-2807 CVE-2017-2808 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for clementine fixes the following issues: - CVE-2018-14332: Fixed a NULL ptr dereference (crash) in the moodbar pipeline (boo#1103041) Moderate SUSE bug 1103041 CVE-2018-14332 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libsass to version 3.6.1 fixes the following issues: Security issues fixed: - CVE-2019-6283: Fixed heap-buffer-overflow in Sass::Prelexer::parenthese_scope(char const*) (boo#1121943). - CVE-2019-6284: Fixed heap-based buffer over-read exists in Sass:Prelexer:alternatives (boo#1121944). - CVE-2019-6286: Fixed heap-based buffer over-read exists in Sass:Prelexer:skip_over_scopes (boo#1121945). - CVE-2018-11499: Fixed use-after-free vulnerability in sass_context.cpp:handle_error (boo#1096894). - CVE-2018-19797: Disallowed parent selector in selector_fns arguments (boo#1118301). - CVE-2018-19827: Fixed use-after-free vulnerability exists in the SharedPtr class (boo#1118346). - CVE-2018-19837: Fixed stack overflow in Eval::operator() (boo#1118348). - CVE-2018-19838: Fixed stack-overflow at IMPLEMENT_AST_OPERATORS expansion (boo#1118349). - CVE-2018-19839: Fixed buffer-overflow (OOB read) against some invalid input (boo#1118351). - CVE-2018-20190: Fixed Null pointer dereference in Sass::Eval::operator()(Sass::Supports_Operator*) (boo#1119789). - CVE-2018-20821: Fixed uncontrolled recursion in Sass:Parser:parse_css_variable_value (boo#1133200). - CVE-2018-20822: Fixed stack-overflow at Sass::Inspect::operator() (boo#1133201). Moderate SUSE bug 1096894 SUSE bug 1118301 SUSE bug 1118346 SUSE bug 1118348 SUSE bug 1118349 SUSE bug 1118351 SUSE bug 1119789 SUSE bug 1121943 SUSE bug 1121944 SUSE bug 1121945 SUSE bug 1133200 SUSE bug 1133201 CVE-2018-11499 CVE-2018-19797 CVE-2018-19827 CVE-2018-19837 CVE-2018-19838 CVE-2018-19839 CVE-2018-20190 CVE-2018-20821 CVE-2018-20822 CVE-2019-6283 CVE-2019-6284 CVE-2019-6286 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for teeworlds fixes the following issues: - CVE-2019-10879: An integer overflow in CDataFileReader::Open() could have lead to a buffer overflow and possibly remote code execution, because size-related multiplications were mishandled. (boo#1131729) - CVE-2019-10878: A failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions could have lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. - CVE-2019-10877: An integer overflow in CMap::Load() could have lead to a buffer overflow, because multiplication of width and height were mishandled. - CVE-2018-18541: Connection packets could have been forged. There was no challenge-response involved in the connection build up. A remote attacker could have sent connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. (boo#1112910) - Update to version 0.7.3.1 * Colorful gametype and level icons in the browser instead of grayscale. * Add an option to use raw mouse inputs, revert to (0.6) relative mode by default. * Demo list marker indicator. * Restore ingame Player and Tee menus, add a warning that a reconnect is needed. * Emotes can now be cancelled by releasing the mouse in the middle of the circle. * Improve add friend text. * Add a confirmation for removing a filter * Add a 'click a player to follow' hint * Also hint players which key they should press to set themselves ready. * fixed using correct array measurements when placing egg doodads * fixed demo recorder downloaded maps using the sha256 hash * show correct game release version in the start menu and console * Fix platform-specific client libraries for Linux * advanced scoreboard with game statistics * joystick support (experimental!) * copy paste (one-way) * bot cosmetics (a visual difference between players and NPCs) * chat commands (type / in chat) * players can change skin without leaving the server (again) * live automapper and complete rules for 0.7 tilesets * audio toggling HUD * an Easter surprise... * new gametypes: 'last man standing' (LMS) and 'last team standing' (LTS). survive by your own or as a team with limited weaponry * 64 players support. official gametypes are still restricted to 16 players maximum but allow more spectators * new skin system. build your own skins based on a variety of provided parts * enhanced security. all communications require a handshake and use a token to counter spoofing and reflection attacks * new maps: ctf8, dm3, lms1. Click to discover them! * animated background menu map: jungle, heavens (day/night themes, customisable in the map editor) * new design for the menus: added start menus, reworked server browser, settings * customisable gametype icons (browser). make your own! * chat overhaul, whispers (private messages) * composed binds (ctrl+, shift+, alt+) * scoreboard remodelled, now shows kills/deaths * demo markers * master server list cache (in case the masters are unreachable) * input separated from rendering (optimisation) * upgrade to SDL2. support for multiple monitors, non-english keyboards, and more * broadcasts overhaul, optional colours support * ready system, for competitive settings * server difficulty setting (casual, competitive, normal), shown in the browser * spectator mode improvements: follow flags, click on players * bot flags for modified servers: indicate NPCs, can be filtered out in the server browser * sharper graphics all around (no more tileset_borderfix and dilate) * refreshed the HUD, ninja cooldown, new mouse cursor * mapres update (higher resolution, fixes...) Moderate SUSE bug 1112910 SUSE bug 1131729 CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mumble fixes the following issues: CVE-2018-20743: murmur mishandled multiple concurrent requests that were persisted in the database, which allowed remote attackers to cause a denial of service (daemon hang or crash) via a message flood. (boo#1123334) Moderate SUSE bug 1123334 CVE-2018-20743 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1138425 SUSE bug 1138464 CVE-2019-11597 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for live555 fixes the following issues: - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. (boo#1127341) - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead to a Use-After-Free error causing the RTSP server to crash or possibly have unspecified other impact. (boo#1124159) - Update to version 2019.06.28, - Convert to dynamic libraries (boo#1121995): + Use make ilinux-with-shared-libraries: build the dynamic libs instead of the static one. + Use make install instead of a manual file copy script: this also reveals that we missed quite a bit of code to be installed before. + Split out shared library packages according the SLPP. - Use FAT LTO objects in order to provide proper static library. Moderate SUSE bug 1121995 SUSE bug 1124159 SUSE bug 1127341 CVE-2019-7314 CVE-2019-9215 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded what missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). Non-security issues fixed: - Increase maximum number of threads and open files for tomcat (bsc#1111966). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1111966 SUSE bug 1131055 SUSE bug 1136085 CVE-2019-0199 CVE-2019-0221 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for exim fixes the following issues: - CVE-2019-13917: Fixed an issue with ${sort} expansion which could allow remote attackers to execute other programs with root privileges (boo#1142207). Important SUSE bug 1142207 CVE-2019-13917 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird version 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). Non-security issued fixed: - Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for virtualbox to version 6.0.10 fixes the following issues: Security issues fixed: - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801) Important SUSE bug 1097248 SUSE bug 1098050 SUSE bug 1112097 SUSE bug 1113894 SUSE bug 1115041 SUSE bug 1116050 SUSE bug 1130503 SUSE bug 1130588 SUSE bug 1132379 SUSE bug 1132439 SUSE bug 1132827 SUSE bug 1133289 SUSE bug 1133492 SUSE bug 1141801 CVE-2018-0734 CVE-2018-11763 CVE-2018-11784 CVE-2018-3288 CVE-2018-3289 CVE-2018-3290 CVE-2018-3291 CVE-2018-3292 CVE-2018-3293 CVE-2018-3294 CVE-2018-3295 CVE-2018-3296 CVE-2018-3297 CVE-2018-3298 CVE-2019-1543 CVE-2019-2446 CVE-2019-2448 CVE-2019-2450 CVE-2019-2451 CVE-2019-2508 CVE-2019-2509 CVE-2019-2511 CVE-2019-2525 CVE-2019-2527 CVE-2019-2554 CVE-2019-2555 CVE-2019-2556 CVE-2019-2574 CVE-2019-2656 CVE-2019-2657 CVE-2019-2678 CVE-2019-2679 CVE-2019-2680 CVE-2019-2690 CVE-2019-2696 CVE-2019-2703 CVE-2019-2721 CVE-2019-2722 CVE-2019-2723 CVE-2019-2848 CVE-2019-2850 CVE-2019-2859 CVE-2019-2863 CVE-2019-2864 CVE-2019-2865 CVE-2019-2866 CVE-2019-2867 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2877 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 75.0.3770.142 fixes the following issues: Security issue fixed: - CVE-2019-5847: V8 sealed/frozen elements cause crash (boo#1141649). - CVE-2019-5848: Font sizes may expose sensitive information (boo#1141649). - CVE-2018-20073: Fixed information leaks of URL metadata nad passwords via extended filesystem attributes (boo#1120892). Non-security fix: - Fixed a segfault on startup (boo#1141102). Important SUSE bug 1120892 SUSE bug 1141102 SUSE bug 1141649 CVE-2018-20073 CVE-2019-5847 CVE-2019-5848 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rmt-server to version 2.3.1 fixes the following issues: - Fix mirroring logic when errors are encountered (bsc#1140492) - Refactor RMT::Mirror to download metadata/licenses in parallel - Check repo metadata GPG signatures during mirroring (bsc#1132690) - Add rmt-server-config subpackage with nginx configs (fate#327816, bsc#1136081) - Fix dependency to removed boot_cli_i18n file (bsc#1136020) - Add `rmt-cli systems list` command to list registered systems - Fix create UUID when system_uuid file empty (bsc#1138316) - Fix duplicate nginx location in rmt-server-pubcloud (bsc#1135222) - Mirror additional repos that were enabled during mirroring (bsc#1132690) - Make service IDs consistent across different RMT instances (bsc#1134428) - Make SMT data import scripts faster (bsc#1134190) - Fix incorrect triggering of registration sharing (bsc#1129392) - Fix license mirroring issue in some non-SUSE repositories (bsc#1128858) - Update dependencies to fix vulnerabilities in rails (CVE-2019-5419, bsc#1129271) and nokogiri (CVE-2019-11068, bsc#1132160) - Allow RMT registration to work under HTTP as well as HTTPS. - Offline migration from SLE 15 to SLE 15 SP1 will add Python2 module - Online migrations will automatically add additional modules to the client systems depending on the base product - Supply log severity to journald - Breaking Change: Added headers to generated CSV files This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1128858 SUSE bug 1129271 SUSE bug 1129392 SUSE bug 1132160 SUSE bug 1132690 SUSE bug 1134190 SUSE bug 1134428 SUSE bug 1135222 SUSE bug 1136020 SUSE bug 1136081 SUSE bug 1138316 SUSE bug 1140492 CVE-2019-11068 CVE-2019-5419 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openexr fixes the following issues: Security issues fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1040109 SUSE bug 1040113 SUSE bug 1040115 CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for proftpd fixes the following issues: Security issues fixed: - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for remote code execution and information disclosure without authentication (bnc#1142281). Important SUSE bug 1142281 CVE-2017-7418 CVE-2019-12815 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-Django fixes the following issues: Security issues fixed: - CVE-2019-11358: Fixed prototype pollution. - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468) - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945). - CVE-2019-14232: Fixed denial-of-service possibility in ``django.utils.text.Truncator`` (bsc#1142880). - CVE-2019-14233: Fixed denial-of-service possibility in ``strip_tags()`` (bsc#1142882). - CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField`` (bsc#1142883). - CVE-2019-14235: Fixed potential memory exhaustion in ``django.utils.encoding.uri_to_iri()`` (bsc#1142885). Non-security issues fixed: - Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type. Moderate SUSE bug 1136468 SUSE bug 1139945 SUSE bug 1142880 SUSE bug 1142882 SUSE bug 1142883 SUSE bug 1142885 CVE-2019-11358 CVE-2019-12308 CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vlc to version 3.0.7.1 fixes the following issues: Security issues fixed: - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354). - CVE-2019-5459: Fixed an integer underflow (bsc#1143549). - CVE-2019-5460: Fixed a double free (bsc#1143547). - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933). - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522). - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161). Non-security issues fixed: - Video Output: * Fix hardware acceleration with some AMD drivers * Improve direct3d11 HDR support - Access: * Improve Blu-ray support - Audio output: * Fix pass-through on Android-23 * Fix DirectSound drain - Demux: Improve MP4 support - Video Output: * Fix 12 bits sources playback with Direct3D11 * Fix crash on iOS * Fix midstream aspect-ratio changes when Windows hardware decoding is on * Fix HLG display with Direct3D11 - Stream Output: Improve Chromecast support with new ChromeCast apps - Misc: * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts * Work around busy looping when playing an invalid item with loop enabled - Updated translations. Important SUSE bug 1118586 SUSE bug 1138354 SUSE bug 1138933 SUSE bug 1141522 SUSE bug 1142161 SUSE bug 1143547 SUSE bug 1143549 CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for osc to version 0.165.4 fixes the following issues: Security issue fixed: - CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518). Non-security issues fixed: - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error - offline build mode is now really offline and does not try to download the buildconfig - osc build -define now works with python3 - fixes an issue where the error message on osc meta -e was not parsed correctly - osc maintainer -s now works with python3 - simplified and fixed osc meta -e (bsc#1138977) - osc lbl now works with non utf8 encoding (bsc#1129889) - add simpleimage as local build type - allow optional fork when creating a maintenance request - fix RPMError fallback - fix local caching for all package formats - fix appname for trusted cert store - osc -h does not break anymore when using plugins - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d - fix osc ls -lb handling empty size and mtime - removed decoding on osc api command. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1129889 SUSE bug 1138977 SUSE bug 1140697 SUSE bug 1142518 SUSE bug 1142662 SUSE bug 1144211 CVE-2019-3685 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for zstd to version 1.4.2 fixes the following issues: Security issues fixed: - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941). Non-security issues fixed: - Added --[no-]compress-literals CLI flag to enable or disable literal compression. - Added new --rsyncable mode. - Added handling of -f flag to zstdgrep. - Added CPU load indicator for each file on -vv mode. - Changed --no-progress flag to preserve the final summary. - Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions. Moderate SUSE bug 1082318 SUSE bug 1133297 SUSE bug 1142941 CVE-2019-11922 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs10 to version 10.16.0 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Non-security issue fixed: - Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b (bsc#1134208). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1134208 SUSE bug 1140290 CVE-2019-13173 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 76.0.3809.87 fixes the following issues: - CVE-2019-5850: Use-after-free in offline page fetcher (boo#1143492) - CVE-2019-5860: Use-after-free in PDFium (boo#1143492) - CVE-2019-5853: Memory corruption in regexp length check (boo#1143492) - CVE-2019-5851: Use-after-poison in offline audio context (boo#1143492) - CVE-2019-5859: res: URIs can load alternative browsers (boo#1143492) - CVE-2019-5856: Insufficient checks on filesystem: URI permissions (boo#1143492) - CVE-2019-5855: Integer overflow in PDFium (boo#1143492) - CVE-2019-5865: Site isolation bypass from compromised renderer (boo#1143492) - CVE-2019-5858: Insufficient filtering of Open URL service parameters (boo#1143492) - CVE-2019-5864: Insufficient port filtering in CORS for extensions (boo#1143492) - CVE-2019-5862: AppCache not robust to compromised renderers (boo#1143492) - CVE-2019-5861: Click location incorrectly checked (boo#1143492) - CVE-2019-5857: Comparison of -0 and null yields crash (boo#1143492) - CVE-2019-5854: Integer overflow in PDFium text rendering (boo#1143492) - CVE-2019-5852: Object leak of utility functions (boo#1143492) Important SUSE bug 1143492 SUSE bug 1144625 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kconfig, kdelibs4 fixes the following issues: - CVE-2019-14744: Fixed a command execution by an shell expansion (boo#1144600). Important SUSE bug 1144600 CVE-2019-14744 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to verion 76.0.3809.100 fixes the following issues: - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction (boo#1145242) - CVE-2019-5867: Out-of-bounds read in V8 (boo#1145242). Important SUSE bug 1145242 CVE-2019-5867 CVE-2019-5868 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pdns fixes the following issues: Security issues fixed: - CVE-2019-10203: Updated PostgreSQL schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (boo#1142810) - CVE-2019-10162: Fixed a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (boo#1138582) - CVE-2019-10163: Fixed a denial of service of slave server when an authorized master server sends large number of NOTIFY messages. (boo#1138582) Non-security issues fixed: - Enabled the option to disable superslave support. - Fixed `pdnsutil b2b-migrate` to not lose NSEC3 settings. Important SUSE bug 1138582 SUSE bug 1142810 CVE-2019-10162 CVE-2019-10163 CVE-2019-10203 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer (bnc#1140254). - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted (bnc#1140254). - Several other fixes for out of bounds access and buffer overflows. Important SUSE bug 1140254 CVE-2019-12594 CVE-2019-7165 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1138459 CVE-2019-10160 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Non-security issue fixed: - Backported fixes for OpenSSL 1.1.1 from nodejs8 (bsc#1134209). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1134209 SUSE bug 1140290 CVE-2019-13173 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for evince fixes the following issues: - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1141619 CVE-2019-1010006 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for subversion to version 1.10.6 fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1142721 SUSE bug 1142743 CVE-2018-11782 CVE-2019-0203 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666) mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1126088 SUSE bug 1132666 SUSE bug 1136035 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-7317: Improve PNG support options (bsc#1141780). - CVE-2019-2818: Better Poly1305 support (bsc#1141788). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2821: Improve TLS negotiation (bsc#1141781). - Certificate validation improvements Non-security issues fixed: - Do not fail installation when the manpages are not present (bsc#1115375) - Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer (bsc#1140461) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1115375 SUSE bug 1140461 SUSE bug 1141780 SUSE bug 1141781 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141788 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821 CVE-2019-7317 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093). Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1124847 SUSE bug 1141093 CVE-2019-13050 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-1125: Fix Spectre V1 variant memory disclosure by speculation over the SWAPGS instruction (bsc#1139358). - CVE-2019-10207: A NULL pointer dereference was possible in the bluetooth stack, which could lead to crashes. (bnc#1123959 bnc#1142857). - CVE-2018-20855: In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bnc#1143045). - CVE-2019-14284: drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. (bnc#1143189). - CVE-2019-14283: set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. (bnc#1143191). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254 bnc#1142265). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bnc#1142023). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - af_unix: remove redundant lockdep class (git-fixes). - ALSA: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - ALSA: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - ALSA: compress: Fix regression on compressed capture streams (bsc#1051510). - ALSA: compress: Prevent bypasses of set_params (bsc#1051510). - ALSA: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - ALSA: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - ALSA: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - ALSA: hda/hdmi - Remove duplicated define (bsc#1111666). - ALSA: hda - Optimize resume for codecs without jack detection (bsc#1111666). - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - ALSA: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - ALSA: line6: Fix a typo (bsc#1051510). - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Break too long mutex context in the write loop (bsc#1051510). - ALSA: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - ALSA: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - ALSA: usb-audio: Cleanup DSD whitelist (bsc#1051510). - ALSA: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - ALSA: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - ARM: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - btrfs-kill-btrfs_clear_path_blocking.patch: (bsc#1140139). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - carl9170: fix misuse of device driver API (bsc#1111666). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). blacklist.conf: dropped patch from blacklist. - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#11123080). - dma-buf: balance refcount inbalance (bsc#1051510). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: Make some functions static (bsc#1111666). - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364) - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hv_netvsc-Set-probe-mode-to-sync.patch: (bsc#1142083). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1103992). - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - kABI fix for hda_codec.relaxed_resume flag (bsc#1111666). - kABI: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kABI: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - KABI: remove unused hcall definition (bsc#1140322 LTC#176270). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nfc: fix potential illegal memory access (bsc#1051510). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - PCI/AER: Use cached AER Capability offset (bsc#1142623). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - PCI: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - PCI: hv: Remove unused reason for refcount handler (bsc#1142701). - PCI: hv: support reporting serial number as slot information (bsc#1142701). - PCI/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - PCI / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - PCI/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - PCI/portdrv: Consolidate comments (bsc#1142623). - PCI/portdrv: Disable port driver in compat mode (bsc#1142623). - PCI/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - PCI: portdrv: Restore PCI config state on slot reset (bsc#1142623). - PCI/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - PCI/portdrv: Use conventional Device ID table formatting (bsc#1142623). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDMA/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - RDMA/srp: Accept again source addresses that do not have a port number (bsc#1103992). - RDMA/srp: Document srp_parse_in() arguments (bsc#1103992 ). - RDMA/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - RDS: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Refresh patches.drivers/0001-PCI-pciehp-Unify-controller-and-slot-structs.patch. (bsc#1141558) - regmap: fix bulk writes on paged registers (bsc#1051510). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - SCSI: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tracing: Fix header include guards in trace event headers (bsc#1144474). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - Update patches.arch/powerpc-pseries-Fix-xive-off-command-line.patch (bsc#1085030, bsc#1144518, LTC#178833). - Update References field to patches.suse/0275-bcache-never-writeback-a-discard-operation.patch (bsc#1130972, bsc#1102247). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - USB: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - USB: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1085030 SUSE bug 1086103 SUSE bug 1102247 SUSE bug 1103991 SUSE bug 1103992 SUSE bug 1104745 SUSE bug 1106061 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112374 SUSE bug 1114279 SUSE bug 1119222 SUSE bug 1123959 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1127611 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1131281 SUSE bug 1133021 SUSE bug 1134090 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136217 SUSE bug 1136342 SUSE bug 1136352 SUSE bug 1136460 SUSE bug 1136461 SUSE bug 1136467 SUSE bug 1136502 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1138874 SUSE bug 1139101 SUSE bug 1139358 SUSE bug 1139500 SUSE bug 1139619 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140426 SUSE bug 1140559 SUSE bug 1140652 SUSE bug 1140676 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1141312 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141450 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1141558 SUSE bug 1142023 SUSE bug 1142052 SUSE bug 1142083 SUSE bug 1142112 SUSE bug 1142115 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142265 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142623 SUSE bug 1142635 SUSE bug 1142673 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143209 SUSE bug 1143466 SUSE bug 1143507 SUSE bug 1143738 SUSE bug 1144474 SUSE bug 1144518 CVE-2018-20855 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector operations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1089811 SUSE bug 1116451 SUSE bug 1121874 SUSE bug 1123131 SUSE bug 1123455 SUSE bug 1124062 SUSE bug 1124869 SUSE bug 1127760 SUSE bug 1127857 SUSE bug 1128845 SUSE bug 1135189 SUSE bug 1135228 CVE-2018-16858 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dkgpg, libTMCG fixes the following issues: libTMCG was updated to version 1.3.18 * This release is two-fold: first, it fixes some bugs (e.g. iterated S2K) of the OpenPGP interface, and second, it adds functionality for handling v5 keys and signatures (see RFC 4880bis-07). Update to version 1.3.17 * VTMF,ASTC,DKG,VRHE,EOTP,COM,VSS: make CheckGroup() more robust * VSSHE: security bugfix for Verify_[non]interactive_[_publiccoin] * mpz_spowm: added check for correct base in fast exponentiation * mpz_sqrtm: remove unused parameter in tmcg_mpz_qrmn_p() * configure.ac: added compiler option '-Wextra' * mpz_sprime: added tmcg_mpz_smprime() with increased B = 80000 * RFC4880: changed type of tmcg_openpgp_mem_alloc to unsigned long Update to version 1.3.16 * changed constant TMCG_MAX_CARDS (decreased by factor 2) * changed formulas for TMCG_MAX_VALUE_CHARS and TMCG_MAX_KEY_CHARS * RFC4880: added support of Preferred AEAD Algorithms [RFC 4880bis] * RFC4880: added output for key usage 'timestamping' [RFC 4880bis] * RFC4880: changed tmcg_openpgp_byte_t: unsigned char -> uint8_t * RFC4880: added PacketAeadEncode() [RFC 4880bis] * RFC4880: added SymmetricDecryptAEAD() and SymmetricEncryptAEAD() * changed formula for TMCG_MAX_KEYBITS (increased by factor 2) * mpz_srandom: bugfix in Botan code branch of mpz_grandomb() Update to version 1.3.15: * This is a maintenance release that fixes some bugs, e.g. in the Botan support of functions from module mpz_srandom. Moreover, some interfaces of the OpenPGP implemenation have been added and removed. For some modules of LibTMCG a basic exception handling has been introduced. Update to version 1.3.14: * With this release three additional parameters for the control of secure memory allocation have been added to init_libTMCG(). They are explained in the reference manual. Moreover, the OpenPGP interface has been enhanced in several way, e.g., ECDH, ECDSA and EdDSA are supported now. Update to 1.3.13: * Lots of major improvements for undocumented OpenPGP interface * PRNG from Botan is used as additional source of randomness * SHA3 is emulated if runtime version of libgcrypt is too old dkgpg was updated to version 1.1.3: * This is a bugfix release that includes only three minor improvements: a direct-key signature (0x1f) for the primary key is added by default such that restricting key servers (e.g. keys.openpgp.org) can deliver a cryptographically checkable key without verification of any included user ID or without appended subkey. The command line interface of dkg-decrypt has been improved in order to give users an easy access to the symmetric-key decryption mode. An additional option ('-5') for dkg-sign allows to generate V5 signatures (cf. draft RFC 4880bis). Update to version 1.1.2: * This release adds a lot of features to some programs: two new options ('-K' and '-f') allow dkg-keysign to read the certification key from a keyring instead of a single key block file. Moreover, with option '-a' an interactive confirmation by the user is required for each signature. Passive support of V5 keys (cf. draft RFC 4880bis) has been added for all programs, however, dkg-generate still generates V4 keys only, because this new feature of the draft is not widely spread. There is also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to create a symmetric-key encrypted session key, i.e., the user has to supply a passphrase for encryption and decryption without any public-key cryptography involved. Last but not least, two bugs have been fixed: First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with 'ZLIB ERROR: -3 invalid block type' due to a bug in decompression logic. Second, dkg-decrypt failed in a special case of symmetric-key encrypted session keys. Finally, the non-installing program dkg-fuzzer (generates fuzzy samples of somehow corrupted OpenPGP stuctures) has been added. Update to version 1.1.1: * Some small improvements have been applied for dkg-generate: Two new options ('-u' and '-N') allow providing the initial user ID and to disable the passphrase at command line. Moreover, since this release dkg-timestamp and dkg-timestamp-verify require a special key usage flag from recent RFC 4880bis draft to select so-called timestamping keys. Finally, the synchronization time of the internally used broadcast protocol was reduced to a more reasonable amount and in dkg-decrypt the detection of end of data for message and decryption shares was changed. Update to version 1.1.0: * This release supports Authenticated Encryption with Associated Data (AEAD) in accordance to RFC 4880bis (draft); this can be enforced with the new added option '-a' when dkg-(d)encrypt is used. For using domain parameters, as described in RFC 7919, one should specify the new option '-r', when dkg-gencrs is used. Last, for key generation (dkg-generate) the timestamp option was added ( '--timestamping') which sets a key usage flag. - Update to version 1.0.9 This release improves the possibilities of DKGPG further. With the new programs dkg-adduid and dkg-revuid an user ID can be added and revoked, respectively. The program dkg-revoke now supports a human-readable reason for revocation (by option '-R') and dkg-decrypt verifies an included signature according to a given key ring (option '-k'). Last but not least, by the program dkg-addrevoker an external revocation key can be specified. Update to version 1.0.8: * First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637 and Werner Koch's draft RFC 4880bis) has been added by relying on the most recent version of LibTMCG. The threshold signature scheme and the threshold encryption are still limited to finite field cryptography (i.e. DSA and ElGamal). Moreover, the programs generate and recognize a few other new OpenPGP features (e.g. issuer fingerprint subpackets) from RFC 4880bis. Compressed messages are now decompressed by the program dkg-decrypt using zlib Compression Library (and optionally by library routines from libbzip2). This completes DKGPG's compatibility with other OpenPGP software, however, the prefered compression algorithm (i.e. 'no compression') in self-signatures of generated keys is kept for now. Support for symmetric-key decryption by dkg-decrypt has been added too. The program dkg-verify now reads the signature from a file, if option '-s' is used. To keep track of later protocol changes, all interactive programs include a version identifier in their common ID of the reliable broadcast channel. Thus programs from previous releases will not communicate with those of this release. With the new programs dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature can be generated and verified, respectively. Last but not least, by the new option '-y' some programs (dkg-generate, dkg-decrypt, dkg-sign, dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too. The README file contains a configuration sample showing how to replace classic PGP by DKGPG in the famous mail user agent mutt based on this option. Please note that this feature is experimental and semantics may be changed later. Update to 1.0.7: * Small improvments due to the new OpenPGP structures from libTMCG * '-k' option has been added to further programs * OpenPGP cleartext signatures can be generated with the '-t' option * Output of potentially malicious user IDs has been sanitized in dkg-keycheck, dkg-keyinfo, and dkg-keysign Moderate cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1061305 CVE-2017-14988 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid fixes the following issues: Security issue fixed: - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1140738 CVE-2019-13345 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1068716 SUSE bug 1142439 CVE-2017-16808 CVE-2019-1010220 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141980 CVE-2019-13619 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libcryptopp fixes the following issues: - CVE-2019-14318: Fixed a timing side channel vulnerability in the ECDSA signature generation (boo#1143532). Moderate SUSE bug 1143532 CVE-2019-14318 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13309: Fixed a memory leak at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages (bsc#1140520). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13303: Fixed a heap-based buffer over-read in MagickCore/composite.c in CompositeImage (bsc#1140549). - CVE-2019-13296: Fixed a memory leak in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c (bsc#1140665). - CVE-2019-13299: Fixed a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel (bsc#1140668). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13302: Fixed a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages (bsc#1140552). - CVE-2019-13298: Fixed a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo (bsc#1140667). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12977: Fixed the use of uninitialized values in WriteJP2Imag() (bsc#1139884). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13304: Fixed a stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140547). - CVE-2019-13305: Fixed one more stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140545). - CVE-2019-13306: Fixed an additional stack-based buffer overflow at coders/pnm.c in WritePNMImage (bsc#1140543). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-13137: Fixed a memory leak in the ReadPSImage() (bsc#1140105). - CVE-2019-13136: Fixed a integer overflow vulnerability in the TIFFSeekCustomStream() (bsc#1140104). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1139884 SUSE bug 1139885 SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140104 SUSE bug 1140105 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140111 SUSE bug 1140501 SUSE bug 1140513 SUSE bug 1140520 SUSE bug 1140534 SUSE bug 1140538 SUSE bug 1140543 SUSE bug 1140545 SUSE bug 1140547 SUSE bug 1140549 SUSE bug 1140552 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140665 SUSE bug 1140666 SUSE bug 1140667 SUSE bug 1140668 SUSE bug 1140669 SUSE bug 1140673 SUSE bug 1141171 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13136 CVE-2019-13137 CVE-2019-13295 CVE-2019-13296 CVE-2019-13297 CVE-2019-13298 CVE-2019-13299 CVE-2019-13300 CVE-2019-13301 CVE-2019-13302 CVE-2019-13303 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for putty fixes the following issues: Update to new upstream release 0.72 [boo#1144547, boo#1144548] * Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. * Fixed a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant. * Fixed a crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange. Moderate SUSE bug 1144547 SUSE bug 1144548 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141853 CVE-2018-20852 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for schismtracker fixes the following issues: The following security issues were fixed: - CVE-2019-14523: Fixed an integer underflow in the Amiga Oktalyzer parser (boo#1144266). - CVE-2019-14524: Fixed a heap overflow in the MTM loader (boo#1144261). The following non-security issues were fixed: - Support 15-channel MOD files. - Support undocumented MIDI macro characters, and support character p (MIDI program) properly. Important SUSE bug 1144261 SUSE bug 1144266 CVE-2019-14523 CVE-2019-14524 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111) - CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service. (bsc#1146115) - CVE-2019-14809: Fixed authorization bypass due to malformed hosts in URLs. (bsc#1146123) Important SUSE bug 1139210 SUSE bug 1141689 SUSE bug 1146111 SUSE bug 1146115 SUSE bug 1146123 CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for qbittorrent fixes the following issues: - CVE-2019-13640: avoid command injection (boo#1141967) Moderate SUSE bug 1141967 CVE-2019-13640 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker: - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1100331 SUSE bug 1121967 SUSE bug 1138920 SUSE bug 1139649 SUSE bug 1142160 SUSE bug 1142413 SUSE bug 1143409 CVE-2018-10892 CVE-2019-13509 CVE-2019-14271 CVE-2019-5736 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libmirage fixes the following issues: CVE-2019-15540: The CSO filter in libMirage in CDemu did not validate the part size, triggering a heap-based buffer overflow that could lead to root access by a local user. [boo#1148087] - Update to new upstream release 3.2.2 * ISO parser: fixed ISO9660/UDF pattern search for sector sizes 2332 and 2336. * ISO parser: added support for Nintendo GameCube and Wii ISO images. * Extended medium type guess to distinguish between DVD and BluRay images based on length. * Removed fabrication of disc structures from the library (moved to CDEmu daemon). * MDS parser: cleanup of disc structure parsing, fixed the incorrectly set structure sizes. Moderate SUSE bug 1148087 CVE-2019-15540 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). - CVE-2019-5008: Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (bsc#1133031). Bug fixes and enhancements: - Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jsc#SLE-4883) - Add SnowRidge-Server vcpu model (jsc#SLE-4883) - Add in documentation about md-clear feature (bsc#1138534) - Fix SEV issue where older machine type is not processed correctly (bsc#1144087) - Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) - Ignore csske for expanding the cpu model (bsc#1136540) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1128106 SUSE bug 1133031 SUSE bug 1134883 SUSE bug 1135210 SUSE bug 1135902 SUSE bug 1136540 SUSE bug 1136778 SUSE bug 1138534 SUSE bug 1140402 SUSE bug 1143794 SUSE bug 1144087 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-5008 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This is a version update for podman to version 1.4.4 (bsc#1143386). Additional changes by SUSE on top: - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386) - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client Version update podman to v1.4.4: - Features - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag - Bugfixes - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) - Misc - Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\ d/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed Update podman to v1.4.2: - Fixed a bug where Podman could not run containers using an older version of Systemd as init - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions - The error message for running podman kill on containers that are not running has been improved - Podman remote client can now log to a file if syslog is not available - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes - The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running) - The podman run --mount command now supports the bind-nonrecursive option for bind mounts - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver - Fixed a bug where Podman would fail to build with musl libc - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting - Updated vendored containers/image to v2.0 - Update conmon to v0.3.0 - Support OOM Monitor under cgroup V2 - Add config binary and make target for configuring conmon with a go library for importing values Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) - Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems. - The podman cp now supports pause flag. - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - CVE-2019-10152: Fixed an iproper dereference of symlinks of the the podman cp command which introduced in version 1.1.0 (bsc#1136974). - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - Podman commit command is now usable with the Podman remote client - Signature-policy flag has been deprecated - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Added fuse-overlayfs dependency to support overlay based rootless image manipulations - The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument. - The podman remote client now displays version information from both the client and server in podman version - The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things) - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client - Fixed a bug where podman remote ps --ns would not print the container's namespaces - Fixed a bug where removing stopped containers with healthchecks could cause an error - Fixed a bug where the default libpod.conf file was causing parsing errors - Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable - The remote Podman client now uses the Varlink bridge to establish remote connections by default - Fixed an issue with apparmor_parser (bsc#1123387) - Update to libpod v1.4.0 (bsc#1137860): - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately Update to storage v1.12.10: - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback slirp4netns was updated to 0.3.0: - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156) This update also includes: - fuse3 and fuse-overlayfs to support rootless containers. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1096726 SUSE bug 1123156 SUSE bug 1123387 SUSE bug 1135460 SUSE bug 1136974 SUSE bug 1137860 SUSE bug 1143386 CVE-2018-15664 CVE-2019-10152 CVE-2019-6778 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for httpie fixes the following issues: httpie was updated to version 1.0.3: * Fix CVE-2019-10751 (HTTPie is volnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. (bsc#1148466) Moderate SUSE bug 1148466 CVE-2019-10751 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10097: Fixed mod_remoteip stack buffer overflow and NULL pointer dereference (bsc#1145739). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1145575 SUSE bug 1145738 SUSE bug 1145739 SUSE bug 1145740 SUSE bug 1145741 SUSE bug 1145742 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-9517 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm to version 18.08.8 fixes the following issues: Security issue fixed: - CVE-2019-12838: Fixed a SQL injection in slurmdbd (bsc#1140709). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1140709 CVE-2019-12838 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.12.9 (bsc#1141689). - Adding Web Assembly stuff from misc/wasm (bsc#1139210). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1139210 SUSE bug 1141689 SUSE bug 1146111 SUSE bug 1146115 SUSE bug 1146123 CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1146657 CVE-2019-10086 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1124593 CVE-2019-7164 CVE-2019-7548 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wavpack fixes the following issues: Security issues fixed: - CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). - CVE-2019-11498: Fixed possible denial of service (application crash) in WavpackSetConfiguration64 via a DFF file that lacks valid sample-rate data (bsc#1133384). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1133384 SUSE bug 1141334 CVE-2019-1010319 CVE-2019-11498 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-Twisted fixes the following issues: Security issue fixed: - CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1138461 CVE-2019-12855 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for SDL2_image fixes the following issues: Update to new upstream release 2.0.5. Security issues fixed: * TALOS-2019-0820 CVE-2019-5051: exploitable heap-based buffer overflow vulnerability when loading a PCX file (boo#1140419) * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421) * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763) * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764) * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image (boo#1143766) * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768) Not mentioned by upstream, but issues seemingly further fixed: * CVE-2019-12218: NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW (boo#1135789) * CVE-2019-12217: NULL pointer dereference in the SDL stdio_read function (boo#1135787) * CVE-2019-12220: SDL_image triggers an out-of-bounds read in the SDL function SDL_FreePalette_REAL (boo#1135806) * CVE-2019-12221: a SEGV caused by SDL_image in SDL function SDL_free_REAL in stdlib/SDL_malloc.c (boo#1135796) * CVE-2019-12222: out-of-bounds read triggered by SDL_image in the function SDL_InvalidateMap at video/SDL_pixels.c (boo#1136101) * CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844). Moderate SUSE bug 1135787 SUSE bug 1135789 SUSE bug 1135796 SUSE bug 1135806 SUSE bug 1136101 SUSE bug 1140419 SUSE bug 1140421 SUSE bug 1141844 SUSE bug 1143763 SUSE bug 1143764 SUSE bug 1143766 SUSE bug 1143768 CVE-2019-12217 CVE-2019-12218 CVE-2019-12220 CVE-2019-12221 CVE-2019-12222 CVE-2019-13616 CVE-2019-5051 CVE-2019-5052 CVE-2019-5057 CVE-2019-5058 CVE-2019-5059 CVE-2019-5060 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for SDL_image fixes the following issues: Update SDL_Image to new snapshot 1.2.12+hg695. Security issues fixed: * TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file (boo#1140421) * TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the PCX image-rendering functionality of SDL2_image (boo#1143763) * TALOS-2019-0842 CVE-2019-5058: heap overflow in XCF image rendering can lead to code execution (boo#1143764) * TALOS-2019-0843 CVE-2019-5059: heap overflow in XPM image handling (boo#1143766) * TALOS-2019-0844 CVE-2019-5060: integer overflow in the XPM image (boo#1143768) * CVE-2019-7635: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (boo#1124827) * CVE-2019-13616: fix heap buffer overflow when reading a crafted bmp file (boo#1141844). Moderate SUSE bug 1124827 SUSE bug 1140421 SUSE bug 1141844 SUSE bug 1143763 SUSE bug 1143764 SUSE bug 1143766 SUSE bug 1143768 CVE-2019-13616 CVE-2019-5052 CVE-2019-5057 CVE-2019-5058 CVE-2019-5059 CVE-2019-5060 CVE-2019-7635 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.11 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.11.13 (bsc#1141688). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141688 SUSE bug 1146111 SUSE bug 1146115 SUSE bug 1146123 CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Security issues fixed: - CVE-2019-5869: Fixed use-after-free in Blink (boo#1149143). - Various fixes from internal audits, fuzzing and other initiatives. Non-security issues fixed: - Fixed no video playback on Intel Kaby Lake and later (boo#1146219). Moderate SUSE bug 1146219 SUSE bug 1149143 CVE-2019-5869 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 srt was updated to version 1.3.4. Security issues fixed: * CVE-2019-15784: avoid a potential array overflow. (boo#1148844) * New binary: srt-tunnel * srt-multiplexer binary is now a testing application and thus is dropped from our package. Moderate SUSE bug 1148844 CVE-2019-15784 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.12.9 (bsc#1141689). - Adding Web Assembly stuff from misc/wasm (bsc#1139210). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1139210 SUSE bug 1141689 SUSE bug 1146111 SUSE bug 1146115 SUSE bug 1146123 CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 exim was updated to fix a security issue: - CVE-2019-15846: Fixed a buffer overflow in SMTP Delivery process where a remote attacker could execute code with root privileges by sending crafted SNI data (boo#1149182). Important SUSE bug 1149182 CVE-2019-15846 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libmirage fixes the following issues: Security issues fixed: - CVE-2019-15757: Fixed NULL pointer dereference in the NRG parser (boo#1148728). Moderate SUSE bug 1148728 CVE-2019-15757 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Opera was updated to version 63.0.3368.66: - CHR-7525 Update chromium on desktop-stable-76-3368 to 76.0.3809.132 - DNA-74031 Download indicator doesn’t match progress - DNA-77042 Something went wrong message in crypto wallet in private window - DNA-79137 Crash at opera::installer::OptionsScreen:: OnLanguageChanged() - DNA-79683 Installer crashes when showing progress - DNA-79757 Line divider under address bar disappears after opening and closing Bookmarks Bar - DNA-80012 Zoom popup appears each time clicking ‘heart’ icon - DNA-80110 Bug when changing the install path in installer - DNA-80417 [assistant] Crash at opera::avro::event_driven::StatSenderImpl::NetworkThread:: SetTrafficAllowed(bool) - DNA-80422 Continue shopping section is too close to Speed Dial tiles when tiles are big - DNA-80463 Add shadow to shopping tiles - DNA-78143 Load async resources before rendering the page - DNA-79102 Make AU to be always server IPC endpoint when new AU logic is enabled - DNA-80193 Magnifying glass icon doesn’t match the search box boundaries in settings and extensions - DNA-80416 Crash at opera::assistant::ProcessMonitorImpl:: ObserveProcess(std::__1::basic_string const&, opera::assistant:: ProcessMonitor::Observer*) - DNA-79558 Add database for continue shopping feature - DNA-79560 Create hidden runtime flag #continue-shopping - DNA-79702 Create Continue Shopping service - DNA-79786 Fix database backend for deleting the partner offer - DNA-80193 Magnifying glass icon doesn’t match the search box boundaries in settings and extensions - DNA-80237 Prevent data collection when feature is off - DNA-80244 Introduce another feature flag for changing the default value of folded state - DNA-79558 Add database for continue shopping feature - DNA-79560 Create hidden runtime flag #continue-shopping - DNA-79702 Create Continue Shopping service - DNA-79786 Fix database backend for deleting the partner offer - DNA-80193 Magnifying glass icon doesn’t match the search box boundaries in settings and extensions - DNA-80237 Prevent data collection when feature is off - DNA-80244 Introduce another feature flag for changing the default value of folded state - DNA-79560 Create hidden runtime flag #continue-shopping - DNA-79702 Create Continue Shopping service - DNA-79786 Fix database backend for deleting the partner offer - DNA-80193 Magnifying glass icon doesn’t match the search box boundaries in settings and extensions - DNA-80237 Prevent data collection when feature is off - DNA-80244 Introduce another feature flag for changing the default value of folded state - DNA-79063 Address bar icons are hardly visible in private window in light mode - DNA-79274 No warning notification on quitting Opera with multiple tabs open after update - DNA-80103 Investigate best ICECC_THREADS for faster Mac builds - DNA-80105 O63 translations (08.08.2019) - DNA-80219 DCHECK at ExtensionDownloader::HandleManifestResults - DNA-80330 [My Flow] The QR code and connection code is not visible for some people - DNA-79569 Don’t provide default value for titleTextColor in opr.wallpapersAPI - DNA-80221 Change channel to “stable” in permissions features for wallpapersPrivate - DNA-80230 Promote O63 to stable Important cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1146090 SUSE bug 1146091 SUSE bug 1146093 SUSE bug 1146094 SUSE bug 1146095 SUSE bug 1146097 SUSE bug 1146099 SUSE bug 1146100 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes: - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1144919 SUSE bug 1146090 SUSE bug 1146091 SUSE bug 1146093 SUSE bug 1146094 SUSE bug 1146095 SUSE bug 1146097 SUSE bug 1146099 SUSE bug 1146100 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579). - CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580). - CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582). - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015). - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022). - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1115015 SUSE bug 1115022 SUSE bug 1115025 SUSE bug 1145579 SUSE bug 1145580 SUSE bug 1145582 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1081947 SUSE bug 1082293 SUSE bug 1085196 SUSE bug 1106214 SUSE bug 1121197 SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1127701 SUSE bug 1135534 SUSE bug 1135708 SUSE bug 1141113 SUSE bug 353876 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123). Bugfixes: - Update to go version 1.12.9 (bsc#1141689). - Adding Web Assembly stuff from misc/wasm (bsc#1139210). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1139210 SUSE bug 1141689 SUSE bug 1146111 SUSE bug 1146115 SUSE bug 1146123 CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1129071 SUSE bug 1132663 SUSE bug 1132900 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rdesktop fixes the following issues: rdesktop was updated to 1.8.6: * Fix protocol code handling new licenses rdesktop was updated to 1.8.5: * Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server. rdesktop was updated to 1.8.4 (fix for boo#1121448): * Add rdp_protocol_error function that is used in several fixes * Refactor of process_bitmap_updates * Fix possible integer overflow in s_check_rem() on 32bit arch * Fix memory corruption in process_bitmap_data - CVE-2018-8794 * Fix remote code execution in process_bitmap_data - CVE-2018-8795 * Fix remote code execution in process_plane - CVE-2018-8797 * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 * Fix Denial of Service in sec_recv - CVE-2018-20176 * Fix minor information leak in rdpdr_process - CVE-2018-8791 * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 * Fix Denial of Service in process_bitmap_data - CVE-2018-8796 * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 * Fix Denial of Service in process_secondary_order - CVE-2018-8799 * Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 * Fix major information leak in ui_clip_handle_data - CVE-2018-20174 * Fix memory corruption in rdp_in_unistr - CVE-2018-20177 * Fix Denial of Service in process_demand_active - CVE-2018-20178 * Fix remote code execution in lspci_process - CVE-2018-20179 * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180 * Fix remote code execution in seamless_process - CVE-2018-20181 * Fix remote code execution in seamless_process_line - CVE-2018-20182 * Fix building against OpenSSL 1.1 - remove obsolete patches * rdesktop-Fix-OpenSSL-1.1-compability-issues.patch * rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch - update changes file * add missing info about bugzilla 1121448 - Added rdesktop-Fix-decryption.patch Patch from https://github.com/rdesktop/rdesktop/pull/334 to fix connections to VirtualBox. - update to 1.8.6 * Fix protocol code handling new licenses - update to 1.8.5 * Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server. - Trim redundant wording from description. - Use %make_install. - update to 1.8.4 (fix for boo#1121448) * Add rdp_protocol_error function that is used in several fixes * Refactor of process_bitmap_updates * Fix possible integer overflow in s_check_rem() on 32bit arch * Fix memory corruption in process_bitmap_data - CVE-2018-8794 * Fix remote code execution in process_bitmap_data - CVE-2018-8795 * Fix remote code execution in process_plane - CVE-2018-8797 * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 * Fix Denial of Service in sec_recv - CVE-2018-20176 * Fix minor information leak in rdpdr_process - CVE-2018-8791 * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 * Fix Denial of Service in process_bitmap_data - CVE-2018-8796 * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 * Fix Denial of Service in process_secondary_order - CVE-2018-8799 * Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 * Fix major information leak in ui_clip_handle_data - CVE-2018-20174 * Fix memory corruption in rdp_in_unistr - CVE-2018-20177 * Fix Denial of Service in process_demand_active - CVE-2018-20178 * Fix remote code execution in lspci_process - CVE-2018-20179 * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180 * Fix remote code execution in seamless_process - CVE-2018-20181 * Fix remote code execution in seamless_process_line - CVE-2018-20182 * Fix building against OpenSSL 1.1 Important SUSE bug 1121448 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for buildah fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1144065 CVE-2019-10214 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for skopeo fixes the following issues: Security issues fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections (bsc#1144065). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1144065 CVE-2019-10214 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1144621 CVE-2019-10216 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-10197: Fixed user escape from share path definition (bsc#1141267). Bug fix: - Prepare for future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1141267 SUSE bug 1144059 CVE-2019-10197 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for podman fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1144065 CVE-2019-10214 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1145383 CVE-2019-14806 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1149495 SUSE bug 1149496 CVE-2019-5481 CVE-2019-5482 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to 77.0.3865.75 fixes the following issues: Security issues fixed: - CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425) - CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425) - CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425) - CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425) - CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425) - CVE-2019-5876: Fixed a use-after-free in media (boo#1150425) - CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425) - CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425) - CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425) - CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425) - CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425) - CVE-2019-13659: Fixed an URL spoof. (boo#1150425) - CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425) - CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425) - CVE-2019-13662: Fixed a CSP bypass. (boo#1150425) - CVE-2019-13663: Fixed an IDN spoof. (boo#1150425) - CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425) - CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425) - CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425) - CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425) - CVE-2019-13668: Fixed a global window leak via console. (boo#1150425) - CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425) - CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425) - CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425) - CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425) - CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425) - CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425) - CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425) - CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425) - CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425) - CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425) - CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425) - CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425) - CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425) - CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425) Important SUSE bug 1150425 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1073313 SUSE bug 1111388 SUSE bug 1114845 SUSE bug 1143194 SUSE bug 1143273 CVE-2017-17740 CVE-2019-13057 CVE-2019-13565 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bird fixes the following issues: - CVE-2019-16159: Fixed a stack-based buffer overflow via administrative shutdown communication messages. (bnc#1150108) Moderate SUSE bug 1150108 CVE-2019-16159 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516 bnc#1146512 bnc#1146514) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378 1146543). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146368). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15239: In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. (for example) Linux distributions that use 4.9.x longterm kernels or 4.14.x longterm kernels (bnc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver (bnc#1146378 1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15538: XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15920: An issue was discovered in the Linux kernel SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-15926: Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-9456: In the USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). The following non-security bugs were fixed: - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - ALSA: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - ALSA: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - ALSA: usb-audio: fix a memory leak bug (bsc#1111666). - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64/kernel: enable A53 erratum #8434319 handling at runtime (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: PCI: Preserve firmware configuration when desired (SLE-9332). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: Revert 'bcache: use sysfs_match_string() instead of __sysfs_match_string()' (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 FATE#325918). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 FATE#325918). - bnxt_en: Improve RX doorbell sequence (bsc#1104745 FATE#325918). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745 FATE#325918). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbd: Add rdma mount option (bsc#1144333). - cifs: smbd: Add SMB Direct debug counters (bsc#1144333). - cifs: smbd: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Establish SMB Direct connection (bsc#1144333). - cifs: smbd: export protocol initial values (bsc#1144333). - cifs: smbd: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbd: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbd: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: smbd: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbd: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: smbd: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbd: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbd: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbd: Support page offset in memory registration (bsc#1144333). - cifs: smbd: Support page offset in RDMA recv (bsc#1144333). - cifs: smbd: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: smbd: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: smbd: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: smbd: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: smbd: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: smbd: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbd: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: smbd: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: smbd: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 FATE#327377 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 FATE#327377 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Update Documentation for iommu.passthrough (bsc#1136039). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - EDAC/amd64: Cache secondary Chip Select registers (bsc#1131489). - EDAC/amd64: Decode syndrome before translating address (bsc#1131489). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - EDAC/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - EDAC/amd64: Recognize x16 symbol size (bsc#1131489). - EDAC/amd64: Set maximum channel layer size depending on family (bsc#1131489). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - EDAC/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - EDAC/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ia64: Get rid of iommu_pass_through (bsc#1136039). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994 FATE#326315 FATE#326317). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kabi/severities: Exclude drivers/crypto/ccp/* - kabi/severities: match SLE15 entry ordering. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240 FATE#327380). - kvm: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240 FATE#327380). - kvm: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 FATE#327380). - kvm: s390: add MSA9 to cpumodel (jsc#SLE-6240 FATE#327380). - kvm: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240 FATE#327380). - kvm: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240 FATE#327380). - kvm: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240 FATE#327380). - kvm: s390: implement subfunction processor calls (jsc#SLE-6240 FATE#327380). - kvm: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240 FATE#327380). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353 FATE#326415). - net: hns3: add all IMP return code (bsc#1104353 FATE#326415). - net: hns3: add aRFS support for PF (bsc#1104353 FATE#326415). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353 FATE#326415). - net: hns3: add check to number of buffer descriptors (bsc#1104353 FATE#326415). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353 FATE#326415). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353 FATE#326415). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353 FATE#326415). - net: hns3: add handshake with hardware while doing reset (bsc#1104353 FATE#326415). - net: hns3: Add missing newline at end of file (bsc#1104353 FATE#326415). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353 FATE#326415). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353 FATE#326415). - net: hns3: add some error checking in hclge_tm module (bsc#1104353 FATE#326415). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353 FATE#326415). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353 FATE#326415). - net: hns3: bitwise operator should use unsigned type (bsc#1104353 FATE#326415). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353 FATE#326415). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353 FATE#326415). - net: hns3: clear restting state when initializing HW device (bsc#1104353 FATE#326415). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353 FATE#326415). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353 FATE#326415). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 FATE#326415). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353 FATE#326415). - net: hns3: delete the redundant user NIC codes (bsc#1104353 FATE#326415). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353 FATE#326415). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353 FATE#326415). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353 FATE#326415). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353 FATE#326415). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353 FATE#326415). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353 FATE#326415). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353 FATE#326415). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353 FATE#326415). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353 FATE#326415). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353 FATE#326415). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353 FATE#326415). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353 FATE#326415). - net: hns3: fix for dereferencing before null checking (bsc#1104353 FATE#326415). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 FATE#326415). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353 FATE#326415). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353 FATE#326415). - net: hns3: fix some coding style issues (bsc#1104353 FATE#326415). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353 FATE#326415). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353 FATE#326415). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 FATE#326415). - net: hns3: handle empty unknown interrupt (bsc#1104353 FATE#326415). - net: hns3: initialize CPU reverse mapping (bsc#1104353 FATE#326415). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353 FATE#326415). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353 FATE#326415). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353 FATE#326415). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 FATE#326415). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 FATE#326415). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 FATE#326415). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353 FATE#326415). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 FATE#326415). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353 FATE#326415). - net: hns3: refine the flow director handle (bsc#1104353 FATE#326415). - net: hns3: remove override_pci_need_reset (bsc#1104353 FATE#326415). - net: hns3: remove redundant core reset (bsc#1104353 FATE#326415). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353 FATE#326415). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353 FATE#326415). - net: hns3: remove unused linkmode definition (bsc#1104353 FATE#326415). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353 FATE#326415). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353 FATE#326415). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353 FATE#326415). - net: hns3: set default value for param 'type' in hclgevf_bind_ring_to_vector (bsc#1104353 FATE#326415). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353 FATE#326415). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 FATE#326415). - net: hns3: set the port shaper according to MAC speed (bsc#1104353 FATE#326415). - net: hns3: small changes for magic numbers (bsc#1104353 FATE#326415). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 FATE#326415). - net: hns3: some modifications to simplify and optimize code (bsc#1104353 FATE#326415). - net: hns3: some variable modification (bsc#1104353 FATE#326415). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353 FATE#326415). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353 FATE#326415). - net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err (bsc#1104353 FATE#326415). - net: hns3: typo in the name of a constant (bsc#1104353 FATE#326415). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353 FATE#326415). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353 FATE#326415). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353 FATE#326415). - net: hns3: use macros instead of magic numbers (bsc#1104353 FATE#326415). - net: hns: add support for vlan TSO (bsc#1104353 FATE#326415). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 FATE#326006). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990 FATE#326006). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113 FATE#326472). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: phylink: Fix flow control for fixed-link (bsc#1119113 FATE#326472). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (FATE#322447, bsc#1078248, git-fixes). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509 FATE#327775). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (FATE#326869, bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (fate#321438, bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, fate#322448, git-fixes). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (FATE#322438, bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - RDMA/hns: Add mtr support for mixed multihop addressing (bsc#1104427 FATE#326416). - RDMA/hns: Bugfix for calculating qp buffer size (bsc#1104427 FATE#326416). - RDMA/hns: Bugfix for filling the sge of srq (bsc#1104427 FATE#326416). - RDMA/hns: Do not stuck in endless timeout loop (bsc#1104427 FATE#326416). - RDMA/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427 FATE#326416). - RDMA/hns: fix inverted logic of readl read and shift (bsc#1104427 FATE#326416). - RDMA/hns: Fixs hw access invalid dma memory error (bsc#1104427 FATE#326416). - RDMA/hns: Fixup qp release bug (bsc#1104427 FATE#326416). - RDMA/hns: Modify ba page size for cqe (bsc#1104427 FATE#326416). - RDMA/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427 FATE#326416). - RDMA/hns: Remove unnecessary print message in aeq (bsc#1104427 FATE#326416). - RDMA/hns: Replace magic numbers with #defines (bsc#1104427 FATE#326416). - RDMA/hns: reset function when removing module (bsc#1104427 FATE#326416). - RDMA/hns: Set reset flag when hw resetting (bsc#1104427 FATE#326416). - RDMA/hns: Use %pK format pointer print (bsc#1104427 FATE#326416). - refresh: soc: fsl: guts: Add definition for LX2160A (fate#326572). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Remove qla2xxx-specific symbols kABI workarounds. In SLE15 1d5e8aad6de2285a00b4e1f2c5ea64a41e74bb7b adds kABI whitelists for drivers/scsi/qla2xxx/* because these symbols are internal to the driver. This entry was dropped from 15 SP1 during a kabi/severities cleanup and we grew a few needless kABI hacks to fix these symbols. Remove them again since the commit is cherry-picked on SP1. - Replace lpfc patch with upstream version - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510). - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510). - Revert 'dm bufio: fix deadlock with loop device' (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. Revert it until a proper fix is found. - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patch (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes). - Revert 'scsi: prefix header search paths with $(srctree)/ (bsc#1136346' This reverts commit 5f679430713da59f5367aa9499e544e6187ac17c. Reverting this commit fixes build for me. - Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxgb4i: fix incorrect spelling 'reveive' -> 'receive' (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - SMB: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - SMB: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - SMB: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Remove duplicate entries - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tun: mark small packets as owned by the tap sock (bsc#1109837). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update config files. - cifs: smbd: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - update internal version number for cifs.ko (bsc#1144333). - Update patches.fixes/0001-docs-Fix-conf.py-for-Sphinx-2.0.patch (bsc#1135642). Fix patch header. - Update patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2.patch (bsc#1143765). - Update patches.fixes/tracing-Fix-bad-use-of-igrab-in-trace_uprobe.c.patch (bsc#1120046, bsc#1146141). - Update patches.suse/ceph-remove-request-from-waiting-list-before-unregister.patch (bsc#1148133 bsc#1138539). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - virtio/s390: fix race on airq_areas (bsc#1145357). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1082635 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1103990 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104745 SUSE bug 1104902 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112374 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1113994 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1119113 SUSE bug 1120046 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1123105 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131489 SUSE bug 1131565 SUSE bug 1134291 SUSE bug 1134476 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135990 SUSE bug 1136039 SUSE bug 1136261 SUSE bug 1136346 SUSE bug 1136349 SUSE bug 1136496 SUSE bug 1136498 SUSE bug 1136682 SUSE bug 1137322 SUSE bug 1137323 SUSE bug 1137884 SUSE bug 1138099 SUSE bug 1138100 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1140012 SUSE bug 1140487 SUSE bug 1141340 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1143300 SUSE bug 1143331 SUSE bug 1143706 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1143962 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144375 SUSE bug 1144582 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145018 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145256 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145357 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145446 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1145946 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146141 SUSE bug 1146163 SUSE bug 1146215 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148219 SUSE bug 1148297 SUSE bug 1148303 SUSE bug 1148308 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148570 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1133534 SUSE bug 1141861 SUSE bug 1141862 SUSE bug 1146098 SUSE bug 1146105 SUSE bug 1146107 SUSE bug 1149943 SUSE bug 1149944 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for varnish fixes the following issues: Security issue fixed: - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests (boo#1149382). Non-security issues fixed: - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart the worker process if scheduling tasks onto worker threads appears stuck. The new parameter 'thread_pool_watchdog' configures it. - Disabled error for clobbering, which caused bogus error in varnishtest. Moderate SUSE bug 1149382 CVE-2019-15892 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for links fixes the following issues: links was updated to 2.20.1: * libevent bug fixes links was updated to 2.20: * Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with rel=dns-prefetch boo#1149886 * stability improvements * file urls support local hostnames * mouse support improvement * improve interaction with Google * Support the zstd compression algorithm * Use proper cookie expiry links was updated to 2.19: * Fixed a crash on invalidn IDN URLs * Make font selection possible via fontconfig * Show certificate authority in Document info box * Use international error messages * The -dump switch didn't report errors on stdout write links was updated to 2.18: * Automatically enable tor mode when the socks port is 9050 * When in tor mode, invert colors on top line and bottom line * Fix an incorrect shift in write_ev_queue * Fix runtime error sanitizer warning * Add a menu entry to save and load a clipboard * Don't synch with Xserver on every pixmap load * Fix 'Network Options' bug that caused a timeout * Fix a possible integer overflow in decoder_memory_expand * Fix possible pointer arithmetics bug if os allocated few bytes * Add a button to never accept invalid certs for a given server * Fix incorrect strings -html-t-text-color * Add ascii replacement of Romanian S and T with comma * Fix a bug when IPv6 control connection to ftp server fails links was updated to 2.17: * Fix verifying SSL certificates for numeric IPv6 addresses * Delete the option -ftp.fast - it doesn't always work and ftp performance is not an issue anymore * Add bold and monospaced Turkish letter 'i' without a dot * On OS/2 allocate OpenSSL memory fro the lower heap. It fixes SSL on systems with old 16-bit TCP/IP stack * Fix IPv6 on OpenVMS Alpha * Support mouse scroll wheel in textarea * Delete the option -http-bugs.bug-302-redirect - RFC7231 allows the 'buggy' behavior and defines new codes 307 and 308 that retain the post data * X11 - fixed colormap leak when creating a new window * Fixed an infinite loop that happened in graphics mode if the user clicked on OK in 'Miscellaneous options' dialog and more than one windows were open. This bug was introduced in Links 2.15 * Support 6x6x6 RGB palette in 256-bit color mode on framebuffer * Implement dithering properly on OS/2 in 15-bit and 16-bit color mode. In 8-bit mode, Links may optionally use a private palette - it improves visual quality of Links images, but degrades visual quality of other concurrently running programs. * Improve scrolling smoothness when the user drags the whole document * On OS/2, allocate large memory blocks directly (not with malloc). It reduces memory waste * Fixed a bug that setting terminal title and resizing a terminal didn't work on OS/2 and Windows. The bug was introduced in Links 2.16 when shutting up coverity warnings * Set link color to yellow by default * Delete the option -http-bugs.bug-post-no-keepalive. It was needed in 1999 to avoid some bug in some http server and it is not needed anymore * Trust Content-Length on HTTP/1.0 redirect requests. This fixes hangs with misbehaving servers that honor Connection:keep-alive but send out HTTP/1.0 reply without Connection: keep-alive. Links thought that they don't support keep-alive and waited for the connection to close (for example http://www.raspberrypi.org) * Use keys 'H' and 'L' to select the top and bottom link on the current page links was updated to 2.16: * Improve handling of the DELETE key * Implement the bracketed paste mode * Fix various bugs found by coverity * Fix a crash in proxy authentication code * Fixed internal error 'invalid set_handlers call' on framebuffer if links is suspend and terminate at the same time Moderate SUSE bug 1149886 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 77.0.3865.90 fixes the following issues: - CVE-2019-13685: Fixed a use-after-free in UI. (boo#1151229) - CVE-2019-13688: Fixed a use-after-free in media. (boo#1151229) - CVE-2019-13687: Fixed a use-after-free in media. (boo#1151229) - CVE-2019-13686: Fixed a use-after-free in offline pages. (boo#1151229) Important SUSE bug 1151229 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update includes fish3 into the openSUSE Leap 15.1 distribution. Moderate CVE-2014-2905 CVE-2014-2906 CVE-2014-2914 CVE-2014-3219 CVE-2014-3856 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ibus fixes the following issues: - CVE-2019-14822: Fixed misconfiguration of the DBus server allows to unprivileged user could monitor and send method calls to the ibus bus of another user (bsc#1150011). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1135350 SUSE bug 1148742 CVE-2017-18594 CVE-2018-15173 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) This update was imported from SUSE:SLE-15:Update. Moderate SUSE bug 1096945 SUSE bug 1100691 SUSE bug 1133283 SUSE bug 1134978 CVE-2018-1000622 CVE-2019-12083 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mosquitto fixes the following issues: - CVE-2019-11779: Fixed insufficient parsing of SUBSCRIBE packets that could lead to a stack overflow (bsc#1151494). Moderate SUSE bug 1151494 CVE-2019-11779 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 fixes the following issues: Security issues fixed: - CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666, CVE-2019-8644, CVE-2019-8658, CVE-2019-8690, CVE-2019-8688, CVE-2019-8649, CVE-2019-8679, CVE-2019-8687, CVE-2019-8669, CVE-2019-8677, CVE-2019-8607 (bsc#1148931). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin to 4.9.1 fixes the following issues: Security issue fixed: - CVE-2019-12922: Fixed CSRF issue that allowed deletion of any server in the Setup page. (boo#1150914) Moderate SUSE bug 1150914 CVE-2019-12922 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libopenmpt fixes the following issues: Security issues fixed: - CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). - CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). - CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). - CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143578 SUSE bug 1143581 SUSE bug 1143582 SUSE bug 1143584 CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1129180 SUSE bug 1129186 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844). - CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141844 SUSE bug 1142031 CVE-2019-13616 CVE-2019-13626 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-numpy fixes the following issues: Non-security issues fixed: - Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1149203 CVE-2019-6446 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Feature: Add W&S module (FATE#326776, bsc#1112438) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 CVE-2019-9511 CVE-2019-9513 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1144656 SUSE bug 1144675 CVE-2019-13104 CVE-2019-13106 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1096945 SUSE bug 1100691 SUSE bug 1133283 SUSE bug 1134978 CVE-2018-1000622 CVE-2019-12083 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for lxc fixes the following issues: Update to lxc 3.2.1. The changelog can be found at https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322 + seccomp: support syscall forwarding to userspace + add lxc.seccomp.allow_nesting + pidfd: Add initial support for the new pidfd api * Many hardening improvements. * Use /sys/kernel/cgroup/delegate file for cgroup v2. * Fix CVE-2019-5736 equivalent bug. - fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762) Moderate SUSE bug 1131762 CVE-2019-5736 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.1.1 fixes the following issues: - CVE-2019-11709: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11711: Fixed a script injection within domain through inner window reuse. (bsc#1140868) - CVE-2019-11712: Fixed an insufficient validation of cross-origin POST requests within NPAPI plugins. (bsc#1140868) - CVE-2019-11713: Fixed a use-after-free with HTTP/2 cached stream. (bsc#1140868) - CVE-2019-11714: Fixed a crash in NeckoChild. (bsc#1140868) - CVE-2019-11715: Fixed an HTML parsing error that can contribute to content XSS. (bsc#1140868) - CVE-2019-11716: Fixed an enumeration issue in globalThis. (bsc#1140868) - CVE-2019-11717: Fixed an improper escaping of the caret character in origins. (bsc#1140868) - CVE-2019-11719: Fixed an out-of-bounds read when importing curve25519 private key. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed domain spoofing through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed a permissions issue with the retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a SafeBrowsing bypass through WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed an insufficient validation for PKCS#1 v1.5 signatures being used with TLS 1.3. (bsc#1140868) - CVE-2019-11728: Fixed port scanning through Alt-Svc header. (bsc#1140868) - CVE-2019-11729: Fixed a segmentation fault due to empty or malformed p256-ECDH public keys. (bsc#1140868) - CVE-2019-11730: Fixed an insufficient enforcement of the same-origin policy that treats all files in a directory as having the same-origin. (bsc#1140868) - CVE-2019-11739: Fixed a Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. (bsc#1150939) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation with SVG filters and canvas that enabled theft of cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a cross-origin access issue. (bsc#1149298) - CVE-2019-11744: Fixed a XSS involving breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11755: Fixed an insufficient validation of S/MIME messages that allowed the author to be spoofed. (bsc#1152375) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1140868 SUSE bug 1141322 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1150939 SUSE bug 1152375 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11739 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11755 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox to 68.1 fixes the following issues: Security issues fixed: - CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed a vulnerability where it possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. (bsc#1141322) - CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868) - CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665) - CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293) - CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292) - CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) Non-security issues fixed: - Latest update now also released for s390x. (bsc#1109465) - Fixed a segmentation fault on s390vsl082. (bsc#1117473) - Fixed a crash on SLES15 s390x. (bsc#1124525) - Fixed a segmentation fault. (bsc#1133810) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1138688 SUSE bug 1140868 SUSE bug 1141322 SUSE bug 1145665 SUSE bug 1149292 SUSE bug 1149293 SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149302 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149323 CVE-2019-11710 CVE-2019-11714 CVE-2019-11716 CVE-2019-11718 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bind fixes the following issues: Security issue fixed: - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1138687 CVE-2019-6471 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1131291 SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Non-security issue fixed: - Drop -n from php invocation from pecl (bsc#1151793). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1145095 SUSE bug 1146360 SUSE bug 1151793 CVE-2019-11041 CVE-2019-11042 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for putty to version 0.73 fixes the following issues: - CVE-2019-17068: Fixed the insufficient handling of terminal escape sequences, that should delimit the pasted data in bracketed paste mode (boo#1152753). - CVE-2019-17069: Fixed a possible information leak caused by SSH-1 disconnection messages (boo#1152753). Moderate SUSE bug 1152753 CVE-2019-17068 CVE-2019-17069 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. (bsc#1145559) - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel (bsc#1133625). - CVE-2019-11494: Fixed a denial of service if the authentication is aborted by disconnecting (bsc#1133624). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1133624 SUSE bug 1133625 SUSE bug 1145559 CVE-2019-11494 CVE-2019-11499 CVE-2019-11500 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1117507 SUSE bug 1117508 CVE-2018-19540 CVE-2018-19541 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1096945 SUSE bug 1100691 SUSE bug 1133283 SUSE bug 1134978 CVE-2018-1000622 CVE-2019-12083 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1150137 CVE-2019-16168 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libopenmpt to version 0.3.19 fixes the following issues: - CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1153102 CVE-2019-17113 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). The following non-security bugs were fixed: - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_request_completed() (bsc#1149446). - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - Compile nvme.ko as module (bsc#1150846) - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - floppy: fix usercopy direction (bsc#1111666). - git-sort: add nfsd maintainers git tree This allows git-sort to handle patches queued for nfsd. - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666). - i40e: Add support for X710 device (bsc#1151067). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu: Do not use sme_active() in generic code (bsc#1151661). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - isdn/capi: check message length in capi_write() (bsc#1051510). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI protect struct vmem_altmap (bsc#1150305). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305). - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982). - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme-rdma: use dynamic dma mapping per command (bsc#1149446). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-tcp: fix timeout handler (bsc#1149446). - nvme: wait until all completed request's complete fn is called (bsc#1149446). - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525). - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525). - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set} (bsc#1152243 ltc#181472). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - Refresh scsi-qla2xxx-Capture-FW-dump-on-MPI-heartbeat-stop-e.patch 882ffc9f07fb ('scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).') placed the 'vha->hw->fw_dump_mpi = 0' assigment into the __CHECKER__ section. Upstream placed the assigment before this section. - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Remove patches.kabi/kABI-fixes-for-qla2xxx-Fix-inconsistent-DMA-mem-allo.patch The qla2xxx driver has been whitelisted by 1d5e8aad6de2 ('kabi/severities: ignore qla2xxx as all symbols are internal') - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - rtlwifi: Fix file release memory leak (bsc#1111666). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138). - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - team: Add vlan tx offload to hw_enc_features (bsc#1051510). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666). - tun: fix use-after-free when register netdev failed (bsc#1111666). - Update patches.suse/ext4-unsupported-features.patch (SLE-8615, bsc#1149651, SLE-9243). - Update patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch (bsc#1054914, git-fixes). - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - vhost/test: fix build for vhost test (bsc#1111666). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - wcn36xx: use dynamic allocation for large variables (bsc#1111666). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xsk: avoid store-tearing when assigning queues (bsc#1111666). - xsk: avoid store-tearing when assigning umem (bsc#1111666). Important SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1111666 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1119086 SUSE bug 1123034 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1137069 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1137982 SUSE bug 1140155 SUSE bug 1141013 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1146042 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150305 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150846 SUSE bug 1151067 SUSE bug 1151192 SUSE bug 1151350 SUSE bug 1151610 SUSE bug 1151661 SUSE bug 1151662 SUSE bug 1151667 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152187 SUSE bug 1152243 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152525 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-9506 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 77.0.3865.120 (boo#1153660): - CVE-2019-13693: Fixed a use-after-free in IndexedDB - CVE-2019-13694: Fixed a use-after-free in WebRTC - CVE-2019-13695: Fixed a use-after-free in audio - CVE-2019-13696: Fixed a use-after-free in V8 - CVE-2019-13697: Fixed a cross-origin size leak. - Fixed an issue with the video playback on Intel Kaby Lake and later (boo#1146219). Important SUSE bug 1146219 SUSE bug 1153660 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: - CVE-2019-16709: Fixed a memory leak in coders/dps.c (boo#1151782). Moderate SUSE bug 1151782 CVE-2019-16709 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for epiphany fixes the following issues: - CVE-2018-11396: Fixed a JavaScript crash when an invalid URI is opened (boo#1094464). Moderate SUSE bug 1094464 CVE-2018-11396 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1089524 SUSE bug 1134078 SUSE bug 1136572 CVE-2019-6470 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for lighttpd to version 1.4.54 fixes the following issues: Security issues fixed: - CVE-2018-19052: Fixed a path traversal in mod_alias (boo#1115016). - Changed the default TLS configuration of lighttpd for better security out-of-the-box (boo#1087369). Moderate SUSE bug 1087369 SUSE bug 1111733 SUSE bug 1115016 SUSE bug 1153722 CVE-2018-19052 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098). - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098). - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098). - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098). - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098). - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098). - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098). - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098). - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098). - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098). - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098). - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098). - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098). - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098). - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098). - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098). - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098). - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098). - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098). - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098). - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098). - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN (bsc#1153098). - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098). - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098). - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1068716 SUSE bug 1153098 SUSE bug 1153332 CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-1010220 CVE-2019-15166 CVE-2019-15167 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1071995 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1151178 CVE-2019-16239 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840) - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1130840 SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 CVE-2019-9947 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1150114 CVE-2019-16167 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. (bsc#1107424) Other issue addressed: - Prevented a division by zero (bsc#1129403). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1107424 SUSE bug 1129403 CVE-2018-16548 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1153936 CVE-2019-17543 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium, re2 fixes the following issues: Chromium was updated to 78.0.3904.70 boo#1154806: * CVE-2019-13699: Use-after-free in media * CVE-2019-13700: Buffer overrun in Blink * CVE-2019-13701: URL spoof in navigation * CVE-2019-13702: Privilege elevation in Installer * CVE-2019-13703: URL bar spoofing * CVE-2019-13704: CSP bypass * CVE-2019-13705: Extension permission bypass * CVE-2019-13706: Out-of-bounds read in PDFium * CVE-2019-13707: File storage disclosure * CVE-2019-13708: HTTP authentication spoof * CVE-2019-13709: File download protection bypass * CVE-2019-13710: File download protection bypass * CVE-2019-13711: Cross-context information leak * CVE-2019-15903: Buffer overflow in expat * CVE-2019-13713: Cross-origin data leak * CVE-2019-13714: CSS injection * CVE-2019-13715: Address bar spoofing * CVE-2019-13716: Service worker state error * CVE-2019-13717: Notification obscured * CVE-2019-13718: IDN spoof * CVE-2019-13719: Notification obscured * Various fixes from internal audits, fuzzing and other initiatives - Use internal resources for icon and appdata Important SUSE bug 1154806 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-15903 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 78.0.3904.87 boo#1155643: * CVE-2019-13721: Use-after-free in PDFium * CVE-2019-13720: Use-after-free in audio Important SUSE bug 1155643 CVE-2019-13720 CVE-2019-13721 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch [jsc#ECO-368]. Includes following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO build issues (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section - Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016). - Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590). Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Fix broken debug symbols (bsc#1118644) - Handle ELF compressed header alignment correctly. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118644 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 SUSE bug 1152590 SUSE bug 1154016 SUSE bug 1154025 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-1010180 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1152308 CVE-2019-16884 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 to 3.6.9 fixes the following issues: Security issues fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Non-security issues fixed: - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490) - Improved locale handling by implementing PEP 538. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1149121 SUSE bug 1149792 SUSE bug 1149955 SUSE bug 1151490 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1154999 CVE-2019-11043 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for provides the following fixes: Following security issues were fixed: - CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code could have returned filenames containing path separators (bsc#1144902). - CVE-2019-14833: Accent with 'check script password' where Samba AD DC check password script did not receive the full password (bsc#1154289). Also following non-security issues were fixed: - Fix auth problems when printing via smbspool backend with kerberos. (bsc#1148539) - Fix broken username/password authentication with CUPS and smbspool. (bsc#1152143) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1144902 SUSE bug 1148539 SUSE bug 1152143 SUSE bug 1154289 SUSE bug 1154598 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c. if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457). - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372). - CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). - CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510). - Add kernel module compression support (bsc#1135854) - ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510). - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510). - ALSA: hda/hdmi - Do not report spurious jack state changes (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek - PCI quirk for Medion E4254 (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add DSD support for EVGA NU Audio (bsc#1051510). - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Clean up check_input_term() (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: DSD auto-detection for Playback Designs (bsc#1051510). - ALSA: usb-audio: fix PCM device order (bsc#1051510). - ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() (bsc#1051510). - ALSA: usb-audio: More validations of descriptor units (bsc#1051510). - ALSA: usb-audio: remove some dead code (bsc#1051510). - ALSA: usb-audio: Remove superfluous bLength checks (bsc#1051510). - ALSA: usb-audio: Simplify parse_audio_unit() (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - ALSA: usb-audio: Unify audioformat release code (bsc#1051510). - ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects (bsc#1051510). - ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667) - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bnxt_en: Add PCI IDs for 57500 series NPAR devices (bsc#1153607). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: do not dma memory off of the stack (bsc#1152790). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense - /dev/mem: Bail out upon SIGKILL (git-fixes). - drm: add __user attribute to ptr_to_compat() (bsc#1111666). - drm/amd/display: fix issue where 252-255 values are clipped (bsc#1111666). - drm/amd/display: reprogram VM config when system resume (bsc#1111666). - drm/amd/display: Restore backlight brightness after system resume (bsc#1112178) - drm/amd/display: support spdif (bsc#1111666). - drm/amd/dm: Understand why attaching path/tile properties are needed (bsc#1111666). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu: Fix KFD-related kernel oops on Hawaii (bsc#1111666). - drm/amdgpu/gfx9: Update gfx9 golden settings (bsc#1111666). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amdgpu: Update gc_9_0 golden settings (bsc#1111666). - drm/amdkfd: Add missing Polaris10 ID (bsc#1111666). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/amd/pp: Fix truncated clock value when set watermark (bsc#1111666). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors (bsc#1111666). - drm/atomic_helper: Disallow new modesets on unregistered connectors (bsc#1111666). - drm/atomic_helper: Stop modesets on unregistered connectors harder (bsc#1111666). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/bridge: tfp410: fix memleak in get_modes() (bsc#1111666). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Cleanup gt powerstate from gem (bsc#1111666). - drm/i915: Fix intel_dp_mst_best_encoder() (bsc#1111666). - drm/i915/gvt: update vgpu workload head pointer correctly (bsc#1112178) - drm/i915: Restore sane defaults for KMS on GEM error load (bsc#1111666). - drm/mediatek: set DMA max segment size (bsc#1111666). - drm/msm/dsi: Fix return value check for clk_get_parent (bsc#1111666). - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling (bsc#1111666). - drm/nouveau/kms/nv50-: Do not create MSTMs for eDP connectors (bsc#1112178) - drm/nouveau/volt: Fix for some cards having 0 maximum voltage (bsc#1111666). - drm/omap: fix max fclk divider for omap36xx (bsc#1111666). - drm/panel: check failure cases in the probe func (bsc#1111666). - drm/panel: make drm_panel.h self-contained (bsc#1111666). - drm: panel-orientation-quirks: Add extra quirk table entry for GPD MicroPC (bsc#1111666). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed (bsc#1111666). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm: rcar-du: lvds: Fix bridge_to_rcar_lvds (bsc#1111666). - drm/rockchip: Check for fast link training before enabling psr (bsc#1111666). - drm/stm: attach gem fence to atomic state (bsc#1111666). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi/arm: Show SMBIOS bank/device location in CPER and GHES error logs (bsc#1152033). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: fix error message in hid_open_report() (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (bsc#1111666). - ixgbe: Fix secpath usage for IPsec TX offload (bsc#1113994 bsc#1151807). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_connector.registered type changes (bsc#1111666). - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - libnvdimm/security: provide fix for secure-erase to use zero-key (bsc#1149853). - lpfc: Add additional discovery log messages (bsc#1154521). - lpfc: Add FA-WWN Async Event reporting (bsc#1154521). - lpfc: Add FC-AL support to lpe32000 models (bsc#1154521). - lpfc: Add log macros to allow print by serverity or verbocity setting (bsc#1154521). - lpfc: Fix bad ndlp ptr in xri aborted handling (bsc#1154521). - lpfc: fix coverity error of dereference after null check (bsc#1154521). - lpfc: Fix hardlockup in lpfc_abort_handler (bsc#1154521). - lpfc: Fix lockdep errors in sli_ringtx_put (bsc#1154521). - lpfc: fix lpfc_nvmet_mrq to be bound by hdw queue count (bsc#1154521). - lpfc: Fix reporting of read-only fw error errors (bsc#1154521). - lpfc: Fix SLI3 hba in loop mode not discovering devices (bsc#1154521). - lpfc: Make FW logging dynamically configurable (bsc#1154521). - lpfc: Remove lock contention target write path (bsc#1154521). - lpfc: Revise interrupt coalescing for missing scenarios (bsc#1154521). - lpfc: Slight fast-path Performance optimizations (bsc#1154521). - lpfc: Update lpfc version to 12.6.0.0 (bsc#1154521). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - pinctrl: cherryview: restore Strago DMI workaround for all versions (bsc#1111666). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: i2c-multi-instantiate: Derive the device name from parent (bsc#1111666). - platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (bsc#1111666). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerplay: Respect units on max dcfclk watermark (bsc#1111666). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - Revert 'drm/amd/display: Fix underscan not using proper scaling' (bsc#1111666). - Revert 'drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD' (bsc#1111666). - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510). - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - scsi: lpfc: Check queue pointer before use (bsc#1154242). - scsi: lpfc: cleanup: remove unused fcp_txcmlpq_cnt (bsc#1154521). - scsi: lpfc: Complete removal of FCoE T10 PI support on SLI-4 adapters (bsc#1154521). - scsi: lpfc: Convert existing %pf users to %ps (bsc#1154521). - scsi: lpfc: Fix coverity errors on NULL pointer checks (bsc#1154521). - scsi: lpfc: Fix device recovery errors after PLOGI failures (bsc#1154521). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix discovery failures when target device connectivity bounces (bsc#1154521). - scsi: lpfc: Fix GPF on scsi command completion (bsc#1154521). - scsi: lpfc: Fix hdwq sgl locks and irq handling (bsc#1154521). - scsi: lpfc: Fix host hang at boot or slow boot (bsc#1154521). - scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq (bsc#1154521). - scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq (bsc#1154521). - scsi: lpfc: Fix locking on mailbox command completion (bsc#1154521). - scsi: lpfc: Fix miss of register read failure check (bsc#1154521). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix NVMe ABTS in response to receiving an ABTS (bsc#1154521). - scsi: lpfc: Fix NVME io abort failures causing hangs (bsc#1154521). - scsi: lpfc: Fix premature re-enabling of interrupts in lpfc_sli_host_down (bsc#1154521). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs (bsc#1154521). - scsi: lpfc: Fix rpi release when deleting vport (bsc#1154521). - scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd() (bsc#1154521). - scsi: lpfc: Make function lpfc_defer_pt2pt_acc static (bsc#1154521). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: remove left-over BUILD_NVME defines (bsc#1154268). - scsi: lpfc: Update async event logging (bsc#1154521). - scsi: lpfc: Update lpfc version to 12.4.0.1 (bsc#1154521). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - Sign non-x86 kernels when possible (boo#1134303) - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: bcm2835-audio: Fix draining behavior regression (bsc#1111666). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - Update patches.suse/NFSv4-Check-the-return-value-of-update_open_stateid.patch (boo#1154189 bsc#1154747). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1066129 SUSE bug 1073513 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1109158 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1113994 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137040 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146612 SUSE bug 1148410 SUSE bug 1149853 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151508 SUSE bug 1151807 SUSE bug 1152033 SUSE bug 1152624 SUSE bug 1152685 SUSE bug 1152788 SUSE bug 1152790 SUSE bug 1152791 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153607 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1153969 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154242 SUSE bug 1154268 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154521 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154737 SUSE bug 1154747 SUSE bug 1154848 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: - Moved extensions preferences to core package (bsc#1153869). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1104841 SUSE bug 1129528 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1151186 SUSE bug 1153423 SUSE bug 1153869 SUSE bug 1154738 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.2.1 provides the following fixes: - Security issues fixed (bsc#1154738): * CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). * CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). * CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). * CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). * CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). * CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). * CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). * CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). * CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Other fixes (bsc#1153879): * Some attachments couldn't be opened in messages originating from MS Outlook 2016. * Address book import from CSV. * Performance problem in message body search. * Ctrl+Enter to send a message would open an attachment if the attachment pane had focus. * Calendar: Issues with 'Today Pane' start-up. * Calendar: Glitches with custom repeat and reminder number input. * Calendar: Problems with WCAP provider. * A language for the user interface can now be chosen in the advanced settings * Fixed an issue with Google authentication (OAuth2) * Fixed an issue where selected or unread messages were not shown in the correct color in the thread pane under some circumstances * Fixed an issue where when using a language pack, names of standard folders were not localized (bsc#1149126) * Fixed an issue where the address book default startup directory in preferences panel not persisted * Fixed various visual glitches * Fixed issues with the chat * Fixed building with rust >= 1.38. * Fixrd LTO build without PGO. * Removed kde.js since disabling instantApply breaks extensions and is now obsolete with the move to HTML views for preferences. (bsc#1151186) * Updated create-tar.sh. (bsc#1152778) * Deactivated the crashreporter for the last remaining arch. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1149126 SUSE bug 1149429 SUSE bug 1151186 SUSE bug 1152778 SUSE bug 1153879 SUSE bug 1154738 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gdal to version 2.4.3 fixes the following issues: gdal was updated to 2.4.3: - CVE-2019-17545: Fixed a double free vulnerability in OGRExpatRealloc (boo#1153918). - Multiple bug and stability fixes For more information regarding the release at: https://trac.osgeo.org/gdal/wiki/Release/2.4.3-News Moderate SUSE bug 1153918 CVE-2019-17545 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1153165 SUSE bug 1154217 CVE-2019-14853 CVE-2019-14859 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bcm20702a1-firmware fixes the following issues: Changes in bcm20702a1-firmware: - Use https to fetch the archive to avoid person-in-the-middle attacks (boo#1154083) - Fetch & install another variant firmware (0a5c:21e8) (boo#1087996) Moderate SUSE bug 1087996 SUSE bug 1154083 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368] This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes (bsc#1153666). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1153666 CVE-2019-14857 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Other issue addressed: - Fixed an issue where rsyslog was SEGFAULT due to a mutex double-unlock (bsc#1141063). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141063 SUSE bug 1153451 SUSE bug 1153459 CVE-2019-17041 CVE-2019-17042 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: drivers/net/fjes/fjes_main.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21 (bnc#1152782). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: firewire-motu: add support for MOTU 4pre (bsc#1111666). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/realtek - Add support for ALC623 (bsc#1051510). - ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510). - ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1111666). - ALSA: usb-audio: Fix copy&paste error in the validator (bsc#1111666). - arm64: Add decoding macros for CP15_32 and CP15_64 traps (jsc#ECO-561). - arm64: Add part number for Neoverse N1 (jsc#ECO-561). - arm64: Add silicon-errata.txt entry for ARM erratum 1188873 (jsc#ECO-561). - arm64: Add support for new control bits CTR_EL0.DIC and CTR_EL0.IDC (jsc#ECO-561,jsc#SLE-10671). - arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (jsc#ECO-561). - arm64: arch_timer: Add workaround for ARM erratum 1188873 (jsc#ECO-561). - arm64: arch_timer: avoid unused function warning (jsc#ECO-561). - arm64: compat: Add CNTFRQ trap handler (jsc#ECO-561). - arm64: compat: Add CNTVCT trap handler (jsc#ECO-561). - arm64: compat: Add condition code checks and IT advance (jsc#ECO-561). - arm64: compat: Add cp15_32 and cp15_64 handler arrays (jsc#ECO-561). - arm64: compat: Add separate CP15 trapping hook (jsc#ECO-561). - arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space (jsc#ECO-561,jsc#SLE-10671). - arm64: cpu_errata: Remove ARM64_MISMATCHED_CACHE_LINE_SIZE (jsc#ECO-561,jsc#SLE-10671). - arm64/cpufeature: Convert hook_lock to raw_spin_lock_t in cpu_enable_ssbs() (jsc#ECO-561). - arm64: cpufeature: ctr: Fix cpu capability check for late CPUs (jsc#ECO-561,jsc#SLE-10671). - arm64: cpufeature: Detect SSBS and advertise to userspace (jsc#ECO-561). - arm64: cpufeature: Fix handling of CTR_EL0.IDC field (jsc#ECO-561,jsc#SLE-10671). - arm64: cpufeature: Trap CTR_EL0 access only where it is necessary (jsc#ECO-561,jsc#SLE-10671). - arm64: cpu: Move errata and feature enable callbacks closer to callers (jsc#ECO-561). - arm64: entry: Allow handling of undefined instructions from EL1 (jsc#ECO-561). - arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671). - arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419 (jsc#ECO-561,jsc#SLE-10671). - arm64: Fix mismatched cache line size detection (jsc#ECO-561,jsc#SLE-10671). - arm64: Fix silly typo in comment (jsc#ECO-561). - arm64: fix SSBS sanitization (jsc#ECO-561). - arm64: force_signal_inject: WARN if called from kernel context (jsc#ECO-561). - arm64: Force SSBS on context switch (jsc#ECO-561). - arm64: Handle erratum 1418040 as a superset of erratum 1188873 (jsc#ECO-561). - arm64: Introduce sysreg_clear_set() (jsc#ECO-561). - arm64: kill change_cpacr() (jsc#ECO-561). - arm64: kill config_sctlr_el1() (jsc#ECO-561). - arm64: KVM: Add invalidate_icache_range helper (jsc#ECO-561,jsc#SLE-10671). - arm64: KVM: PTE/PMD S2 XN bit definition (jsc#ECO-561,jsc#SLE-10671). - arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (jsc#ECO-561). - arm64: move SCTLR_EL{1,2} assertions to &lt;asm/sysreg.h> (jsc#ECO-561). - arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32 (jsc#ECO-561). - arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (jsc#ECO-561). - arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (jsc#ECO-561). - arm: KVM: Add optimized PIPT icache flushing (jsc#ECO-561,jsc#SLE-10671). - ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 (bsc#1111666). - brcmfmac: sdio: Disable auto-tuning around commands expected to fail (bsc#1111666). - brcmfmac: sdio: Do not tune while the card is off (bsc#1111666). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - config: arm64: enable erratum 1418040 and 1542419 - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - drm/amd/display: fix odm combine pipe reset (bsc#1111666). - drm/amdgpu: fix memory leak (bsc#1111666). - drm/amdgpu/powerplay/vega10: allow undervolting in p7 (bsc#1111666). - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/cml: Add second PCH ID for CMP (bsc#1111666). - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Disable Secure Batches for gen6+ (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915/ilk: Fix warning when reading emon_status with no output (bsc#1111666). - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Remove Master tables from cmdparser (bsc#1135967) - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dpu: handle failures while initializing displays (bsc#1111666). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - integrity: prevent deadlock during digsig verification (bsc#1090631). - irqchip/gic-v3-its: Fix command queue pointer comparison bug (jsc#ECO-561). - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices (jsc#ECO-561). - irqchip/gic-v3-its: Fix misuse of GENMASK macro (jsc#ECO-561). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (bsc#1111666). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: fw: do not send GEO_TX_POWER_LIMIT command to FW version 36 (bsc#1111666). - kabi protect enum RDMA_DRIVER_EFA (jsc#SLE-4805) - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for mmc_host retune_crc_disable flag addition (bsc#1111666). - KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (jsc#ECO-561). - KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Drop vcpu parameter from guest cache maintenance operartions (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Limit icache invalidation to prefetch aborts (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Only clean the dcache on translation fault (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Preserve Exec permission across R/W permission faults (jsc#ECO-561,jsc#SLE-10671). - KVM: arm/arm64: Split dcache/icache flushing (jsc#ECO-561,jsc#SLE-10671). - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - mmc: core: Add sdio_retune_hold_now() and sdio_retune_release() (bsc#1111666). - mmc: core: API to temporarily disable retuning for SDIO CRC errors (bsc#1111666). - Move upstreamed CA0132 fix into sorted section - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - phylink: fix kernel-doc warnings (bsc#1111666). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - RDMA/efa: Add Amazon EFA driver (jsc#SLE-4805) - RDMA/hns: Add reset process for function-clear (bsc#1155061). - RDMA/hns: Remove the some magic number (bsc#1155061). - RDMA/restrack: Track driver QP types in resource tracker (jsc#SLE-4805) - Revert 'ALSA: hda: Flush interrupts on disabling' (bsc#1051510). - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390: add support for IBM z15 machines (bsc#1152696 LTC#181731). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390: fix setting of mio addressing control (bsc#1152665 LTC#181729). - s390/pci: add mio_enabled attribute (bsc#1152665 LTC#181729). - s390/pci: correctly handle MIO opt-out (bsc#1152665 LTC#181729). - s390/pci: deal with devices that have no support for MIO instructions (bsc#1152665 LTC#181729). - s390/pci: fix MSI message data (bsc#1152697 LTC#181730). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - usb: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: ldusb: fix control-message timeout (bsc#1051510). - usb: ldusb: fix ring-buffer locking (bsc#1051510). - usb: serial: whiteheat: fix line-speed endianness (bsc#1051510). - usb: serial: whiteheat: fix potential slab corruption (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - wil6210: fix freeing of rx buffers in EDMA mode (bsc#1111666). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1111666 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144903 SUSE bug 1149119 SUSE bug 1150466 SUSE bug 1152665 SUSE bug 1152696 SUSE bug 1152697 SUSE bug 1152782 SUSE bug 1153681 SUSE bug 1154124 SUSE bug 1154526 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155061 SUSE bug 1155671 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156429 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16231 CVE-2019-17055 CVE-2019-18805 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464) - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458). - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a Denial of Service (Dos). (bsc#1154448) - Upstream bug fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1027519 SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154460 SUSE bug 1154461 SUSE bug 1154464 SUSE bug 1155945 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for qemu fixes the following issues: qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed: - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) - CVE-2019-11135: Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (bsc#1152506) - CVE-2018-12207: Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (bsc#1117665) Other issues fixed: - Change how this bug gets fixed (bsc#1144087) - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0. (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774) - Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132) - Additional hardware instruction support for s390, also update qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1117665 SUSE bug 1119991 SUSE bug 1143794 SUSE bug 1144087 SUSE bug 1145379 SUSE bug 1145427 SUSE bug 1145436 SUSE bug 1145774 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1152506 CVE-2018-12207 CVE-2018-20126 CVE-2019-11135 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libtomcrypt fixes the following issue: CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1153433 CVE-2019-17362 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage (bsc#1146213). - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser (bsc#1146212). - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function (bsc#1146211). - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage (bsc#1146068). - CVE-2019-14981: Fixed a use after free in the UnmapBlob function (bsc#1146065). - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1146065 SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151784 SUSE bug 1151785 SUSE bug 1151786 CVE-2019-14980 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed: - Go was updated to version 1.12.12 (bsc#1141689). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141689 SUSE bug 1152082 SUSE bug 1154402 CVE-2019-16276 CVE-2019-17596 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ghostscript fixes the following issues: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi (bsc#1140738). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). Other issues addressed: * Fixed DNS failures when peer name was configured with any upper case characters * Fixed several rock cache_dir corruption issues This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1133089 SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141330 SUSE bug 1141332 SUSE bug 1141442 SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527 CVE-2019-12529 CVE-2019-12854 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-3688 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 78.0.3904.108 fixes the following issues: - Chromium was updated to 78.0.3904.108 (boo#1157269) Security issues fixed: - CVE-2019-13723: Fixed a use-after-free in Bluetooth - CVE-2019-13724: Fixed an out of bounds access in Bluetooth Important SUSE bug 1157269 CVE-2019-13723 CVE-2019-13724 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2-mod_perl to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg() call. (bsc#1091625) Moderate SUSE bug 1091625 SUSE bug 1156944 CVE-2011-2767 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1103320 SUSE bug 1154036 SUSE bug 1154037 CVE-2019-17594 CVE-2019-17595 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues: Security issue fixed: - CVE-2019-14241: Fixed a cookie memory corruption problem. (bsc#1142529) The update to 2.0.5 brings lots of features and bugfixes: - new internal native HTTP representation called HTX, was already in 1.9 and is now enabled by default in 2.0 - end-to-end HTTP/2 support including trailers and continuation frames, as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using the H2 preface; - server connection pooling and more advanced reuse, with ALPN protocol negotiation (already in 1.9) - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers as well as on the frontend - much more scalable multi-threading, which is even enabled by default on platforms where it was successfully tested ; by default, as many threads are started as the number of CPUs haproxy is allowed to run on. This removes a lot of configuration burden in VMs and containers - automatic maxconn setting for the process and the frontends, directly based on the number of available FDs (easier configuration in containers and with systemd) - logging to stdout for use in containers and systemd (already in 1.9). Logs can now provide micro-second resolution for some events - peers now support SSL, declaration of multiple stick-tables directly in the peers section, and synchronization of server names, not just IDs - In master-worker mode, the master process now exposes its own CLI and can communicate with all other processes (including the stopping ones), even allowing to connect to their CLI and check their state. It is also possible to start some sidecar programs and monitor them from the master, and the master can automatically kill old processes that survived too many reloads - the incoming connections are load-balanced between all threads depending on their load to minimize the processing time and maximize the capacity (already in 1.9) - the SPOE connection load-balancing was significantly improved in order to reduce high percentiles of SPOA response time (already in 1.9) - the 'random' load balancing algorithm and a power-of-two-choices variant were introduced - statistics improvements with per-thread counters for certain things, and a prometheus exporter for all our statistics; - lots of debugging help, it's easier to produce a core dump, there are new commands on the CLI to control various things, there is a watchdog to fail cleanly when a thread deadlock or a spinning task are detected, so overall it should provide a better experience in field and less round trips between users and developers (hence less stress during an incident). - all 3 device detection engines are now compatible with multi-threading and can be build-tested without any external dependencies - 'do-resolve' http-request action to perform a DNS resolution on any, sample, and resolvers now support relying on /etc/resolv.conf to match the local resolver - log sampling and balancing : it's now possible to send 1 log every 10 to a server, or to spread the logging load over multiple log servers; - a new SPOA agent (spoa_server) allows to interface haproxy with Python and Lua programs - support for Solaris' event ports (equivalent of kqueue or epoll) which will significantly improve the performance there when dealing with numerous connections - some warnings are now reported for some deprecated options that will be removed in 2.1. Since 2.0 is long term supported, there's no emergency to convert them, however if you see these warnings, you need to understand that you're among their extremely rare users and just because of this you may be taking risks by keeping them - A new SOCKS4 server-side layer was provided ; it allows outgoing connections to be forwarded through a SOCKS4 proxy (such as ssh -D). - priority- and latency- aware server queues : it is possible now to assign priorities to certain requests and/or to give them a time bonus or penalty to refine control of the traffic and be able to engage on SLAs. - internally the architecture was significantly redesigned to allow to further improve performance and make it easier to implement protocols that span over multiple layers (such as QUIC). This work started in 1.9 and will continue with 2.1. - the I/O, applets and tasks now share the same multi-threaded scheduler, giving a much better responsiveness and fairness between all tasks as is visible with the CLI which always responds instantly even under extreme loads (started in 1.9) - the internal buffers were redesigned to ease zero-copy operations, so that it is possible to sustain a high bandwidth even when forwarding HTTP/1 to/from HTTP/2 (already in 1.9) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1142529 CVE-2019-14241 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for djvulibre fixes the following issues: Security issue fixed: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Other issue addressed: - Fixed a crash when mmx was enabled (bsc#1154401) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1154401 SUSE bug 1156188 CVE-2019-18804 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bluez fixes the following issues: - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1013712 CVE-2016-9798 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 to version 2.26.2 fixes the following issues: Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and WSA-2019-0006, bsc#1155321 bsc#1156318) Security issues addressed: - CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8674: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8707: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8719: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8720: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8726: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8733: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8735: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8763: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8768: Fixed an issue where a user may be unable to delete browsing history items. - CVE-2019-8769: Fixed an issue where a maliciously crafted website may reveal browsing history. - CVE-2019-8771: Fixed an issue where a maliciously crafted web content may violate iframe sandboxing policy. - CVE-2019-8710: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8743: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8764: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8765: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8766: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8782: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8783: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8808: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8811: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8812: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8813: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8814: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8815: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8816: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8819: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8820: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8821: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8822: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8823: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155321 SUSE bug 1156318 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8625 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1155199 CVE-2019-14866 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for strongswan fixes the following issues: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.2: * CVE-2019-18622: SQL injection in Designer feature (boo#1157614) * Fixes for 'Failed to set session cookie' error * Advisor with MySQL 8.0.3 and newer * Fix PHP deprecation errors * Fix a situation where exporting users after a delete query could remove users * Fix incorrect 'You do not have privileges to manipulate with the users!' warning * Fix copying a database's privileges and several other problems moving columns with MariaDB * Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export Moderate SUSE bug 1157614 CVE-2019-18622 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openafs fixes the following issues: Update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref update to official version 1.8.4 * support Linux-kernel 5.3 * Avoid non-dir ENOENT errors in afs_lookup * fix parsing of fileservers with -vlruthresh, etc. * other bugfixes update to pre-release 1.8.4pre2 * fix builds for Linux-kernels 5.3 update to 1.8.3 - fix broken directory layout - allow crypt to be set/unset on startup of client update to pre-release 1.8.3pre1 * fix builds for Linux-kernels 4.20 and 5.0 * other fixes, see RELNOTES-1.8.3pre1 Moderate cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1153163 SUSE bug 1153164 CVE-2019-17177 CVE-2019-17178 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1154884 SUSE bug 1154887 CVE-2019-12290 CVE-2019-18224 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1123919 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for calamares fixes the following issues: - Launch with 'pkexec calamares' in openSUSE Tumbleweed, but launch with 'xdg-su -c calamares' in openSUSE Leap 15. Update to Calamares 3.2.15: - 'displaymanager' module now treats 'sysconfig' as a regular entry in the 'displaymanagers' list, and the 'sysconfigSetup' key is used as a shorthand to force only that entry in the list. - 'machineid' module has been re-written in C++ and extended with a new configuration key to generate urandom pool data. - 'unpackfs' now supports a special 'sourcefs' value of file for copying single files (optionally with renaming) or directory trees to the target system. - 'unpackfs' now support an 'exclude' and 'excludeFile' setting for excluding particular files or patters from unpacking. Update to Calamares 3.2.14: - 'locale' module no longer recognizes the legacy GeoIP configuration. This has been deprecated since Calamares 3.2.8 and is now removed. - 'packagechooser' module can now be custom-labeled in the overall progress (left-hand column). - 'displaymanager' module now recognizes KDE Plasma 5.17. - 'displaymanager' module now can handle Wayland sessions and can detect sessions from their .desktop files. - 'unpackfs' now has special handling for sourcefs setting “file”. Update to Calamares 3.2.13. More about upstream changes: https://calamares.io/calamares-3.2.13-is-out/ and https://calamares.io/calamares-3.2.12-is-out/ Update to Calamares 3.2.11: - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256, CVE-2019-13178) - more about upstream changes in 3.2 versions can be found in https://calamares.io/ and https://github.com/calamares/calamares/releases Moderate SUSE bug 1140256 SUSE bug 1152377 CVE-2019-13178 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: - Updated to 20191115 security release (bsc#1157004) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1157004 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1120653 SUSE bug 1120654 SUSE bug 1124341 SUSE bug 1124342 SUSE bug 1155079 CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cloud-init to version 19.2 fixes the following issues: Security issue fixed: - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to authorized_keys (bsc#1129124). Non-security issues fixed: - Short circuit the conditional for identifying the sysconfig renderer (bsc#1154092, bsc#1142988). - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig from clobbering the changes cloud-init applied (bsc#1151488). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1099358 SUSE bug 1129124 SUSE bug 1136440 SUSE bug 1142988 SUSE bug 1144363 SUSE bug 1151488 SUSE bug 1154092 CVE-2019-0816 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' (bsc#1154980). - Fixed an improper handling of headers which could have led to injecting LFs in H2-to-H1 transfers creating new attack space (bsc#1157712) - Fixed an issue where HEADER frames in idle streams are not rejected and thus trying to decode them HAPrpxy crashes (bsc#1157714). Other issue addressed: - Macro change in the spec file (bsc#1082318) More information regarding the release at: http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1082318 SUSE bug 1154980 SUSE bug 1157712 SUSE bug 1157714 CVE-2019-18277 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Opera was updated to version 65.0.3467.62 - CHR-7658 Update chromium on desktop-stable-78-3467 to 78.0.3904.108 - DNA-81387 Remove support for old bundle structure in signing scripts - DNA-81675 Update widevine signature localisation in signed packages - DNA-81884 [Advanced content blocking] Ads are blocked for whitelisted page in Incognito - DNA-82230 [Mac] URL is not correctly aligned when the Geolocation is ON - DNA-82368 Generating diffs for unsinged packages doesn’t work - DNA-82414 Wrong number of trackers displayed just after deactivating adblocker - DNA-82470 [Linux] Snap package doesn’t recognise GNOME 3.24 platform snap connection - DNA-82473 https://www.nba.com/standings not working with AdBlocker enabled - DNA-82484 Update content blocking icon - DNA-82485 [Mac 10.15] Opera installer error at the end of installation process - DNA-82508 [Adblocker] Predefault lists can not be unchecked - DNA-82557 Address bar dropdown launches HTTP GETs for every autocomplete - DNA-82596 Do not block first-party ‘trackers’ - DNA-82616 Settings – Tracker Blocker – Add “Learn more” link - DNA-82626 [Win] High CPU usage due to media indicator animation - DNA-82647 Tab icons mixed after Tab closing - DNA-82742 Pages won’t load after closing private mode - DNA-82768 Mark also the reference group in “exp” header for DNA-81658 - DNA-82840 Disable favicon fetching for typed URLs Complete Opera 65.0 changelog at: https://blogs.opera.com/desktop/changelog-for-65/ Update to version 64.0.3417.92 - DNA-81358 Wrong key color on extension popup in dark mode - DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720 Update to version 64.0.3417.83 - DNA-79676 Use FFmpegDemuxer to demux ADTS - DNA-81010 Spinner takes a lot of cpu - DNA-81385 Keys on some popups in dark mode can’t be hovered - DNA-81494 [Mac] Snap onboarding doesn’t appear while the icon still flashes - DNA-82003 Restore legacy path for AudioFileReader - DNA-82019 Enable #ffmpeg-demuxer-everywhere by default in developer - DNA-82028 Enable #ffmpeg-demuxer-everywhere by default in stable on macOS Update to version 64.0.3417.73 - CHR-7598 Update chromium on desktop-stable-77-3417 to 77.0.3865.120 - DNA-80049 The upper border of “Add to bookmarks bar” popup is cut off in white mode - DNA-80395 Menu popup borders in Settings are invisible in Dark mode - DNA-81263 Change the continue section buttons visibility as in description - DNA-81304 Crash at chrome::NewTab(Browser*) - DNA-81650 Easy Setup Style looks weird - DNA-81708 Missing dependency on //chrome/common:buildflags - DNA-81732 [Mac][Catalina] Cannot maximize a window after it’s been minimized - DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts - DNA-81753 Pinned tab only remembered after next restart - DNA-81769 Investigate reports about slow speed dial loading in O64 blog comments - DNA-81859 [Mac 10.15] Crash whenever navigating to any page - DNA-81893 Get Personalised news on SpeedDials broken layout Update to version 64.0.3417.61 - DNA-80760 Sidebar Messenger icon update - DNA-81165 Remove sharing service - DNA-81211 [Advanced content blocking] Can not turn off ad blocking in private mode - DNA-81323 content_filter::RendererConfigProvider destroyed on wrong sequence - DNA-81487 [VPN disclaimer][da, ta] Text should be multiline - DNA-81545 opr-session entry for Google ads not working - DNA-81580 Speed dials’ colours change after Opera update - DNA-81597 [Adblocker] Google Ads link hides if clicking - DNA-81639 Widevine verification status is PLATFORM_TAMPERED - DNA-81237 [Advanced content blocking] noCoinis not enabled by default - DNA-81375 Adblocking_AddToWhitelist_Popup and Adblocking_RemoveFromWhitelist_Popup metric not recorded in stats - DNA-81413 Error in console when Start Page connects to My Flow - DNA-81435 Adjust VPN disclaimer to longer strings [de] Update to version 64.0.3417.47 - DNA-80531 [Reborn3] Unify Switches - DNA-80738 “How to protect my privacy” link - DNA-81162 Enable #advanced-content-blocking on developer stream - DNA-81202 Privacy Protection popup doesn’t resize after enabling blockers - DNA-81230 [Mac] Drop support for 10.10 - DNA-81280 Adjust button width to the shorter string - DNA-81295 Opera 64 translations - DNA-81346 Enable #advanced-content-blocking on all streams - DNA-81434 Turn on #new-vpn-flow in all streams - DNA-81436 Import translations from Chromium to O64 - DNA-81460 Promote O64 to stable - DNA-81461 Snap onboarding is cut - DNA-81467 Integrate missing translations (Chinese, MS and TL) to O64/65 - DNA-81489 Start page goes into infinite loop Complete Opera 64.0 changelog at: https://blogs.opera.com/desktop/changelog-for-64/ Update to version 63.0.3368.94 - CHR-7516 Update chromium on master to 78.0.3887.7 - DNA-80966 [Linux] Integrate a new key into our packages Update to version 63.0.3368.88 - DNA-79103 Saving link to bookmarks saves it to Other bookmarks folder - DNA-79455 Crash at views::MenuController:: FindNextSelectableMenuItem(views::MenuItemView*, int, views:: MenuController::SelectionIncrementDirectionType, bool) - DNA-79579 Continuous packages using new_mac_bundle_structure do not run - DNA-79611 Update opauto_paths.py:GetResourcesDir - DNA-79621 Add support for new bundle structure to old autoupdate clients - DNA-79906 Fix package build - DNA-80131 Sign Opera Helper(GPU).app - DNA-80191 Fix opera_components/tracking_data/tracking_data_paths.cc - DNA-80638 Cherry-pick fix for CreditCardTest. UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSameName - DNA-80801 Very slow tab deletion process Important CVE-2019-13720 CVE-2019-13721 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for shadowsocks-libev fixes the following issues: - Update version to 3.3.3 * Refine the handling of suspicious connections. * Fix exploitable denial-of-service vulnerability exists in the UDPRelay functionality (boo#1158251, CVE-2019-5163) * Fix code execution vulnerability in the ss-manager binary (boo#1158365, CVE-2019-5164) * Refine the handling of fragment request. * Fix a high CPU bug introduced in 3.3.0. (#2449) * Enlarge the socket buffer size to 16KB. * Fix the empty list bug in ss-manager. * Fix the IPv6 address parser. * Fix a bug of port parser. * Fix a crash with MinGW. * Refine SIP003 plugin interface. * Remove connection timeout from all clients. * Fix the alignment bug again. * Fix a bug on 32-bit arch. * Add TCP fast open support to ss-tunnel by @PantherJohn. Moderate SUSE bug 1158251 SUSE bug 1158365 CVE-2019-5163 CVE-2019-5164 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance (bsc#1076958). Other issues addressed: - Included linux/sockios.h to get SIOCGSTAMP (bsc#1156543). - Removed cache size limit (bsc#1138743). - bsc#1152539: include config files from /etc/dnsmasq.d/*.conf . This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1076958 SUSE bug 1138743 SUSE bug 1152539 SUSE bug 1154849 SUSE bug 1156543 CVE-2017-15107 CVE-2019-14834 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for munge fixes the following issues: Security issue fixed: - CVE-2019-3691: Fixed a Local privilege escalation vulnerability which allowed escalation from munge to root (bsc#1155075). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1155075 CVE-2019-3691 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for opencv fixes the following issues: Security issues fixed: - CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered<cv:HaarEvaluator>, leading to DOS (bsc#1144352). - CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348). - CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742). Non-security issue fixed: - Fixed an issue in opencv-devel that broke builds with 'No rule to make target opencv_calib3d-NOTFOUND' (bsc#1154091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1144348 SUSE bug 1144352 SUSE bug 1149742 SUSE bug 1154091 CVE-2019-14491 CVE-2019-14492 CVE-2019-15939 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1093414 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in drivers/media/v4l2-core/v4l2-dev.c (bnc#1146519). - CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bnc#1158427 1158445). - CVE-2019-19543: There is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19525: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bnc#1158417). - CVE-2019-19530: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bnc#1158410). - CVE-2019-19536: There is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bnc#1158394). - CVE-2019-19524: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bnc#1158413). - CVE-2019-19528: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bnc#1158407). - CVE-2019-19534: There is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bnc#1158398). - CVE-2019-19529: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid, which was exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258). - CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c was fixed (bnc#1157304). - CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e (bnc#1157193). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932 (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6 (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122 (bnc#1157678). - CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a (bnc#1157045). - CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a (bnc#1157044). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14 (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486 (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c were fixed. (bnc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c was fixed. (bnc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5 (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10 (bnc#1157070). - CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc allowed attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1 (bnc#1157049). - CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc allowed attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad (bnc#1157046). - CVE-2019-15916: There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). The following non-security bugs were fixed: - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge (bsc#1111666). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - acpi/nfit, device-dax: Identify differentiated memory with a unique numa-node (bsc#1158071). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda: Fix racy display power access (bsc#1156928). - ALSA: hda/hdmi - Clear codec->relaxed_resume flag at unbinding (git-fixes). - ALSA: hda: hdmi - fix port numbering for ICL and TGL platforms (git-fixes). - ALSA: hda: hdmi - remove redundant code comments (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: pcm: Yet another missing check of non-cached buffer type (bsc#1111666). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: usb-audio: Add skip_validation option (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() (git-fixes). - ALSA: usb-audio: Fix incorrect size check for processing/extension units (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: Fix NULL dereference at parsing BADD (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ALSA: usb-audio: sound: usb: usb true/false for bool return type (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem (bsc#1111666). - ath10k: avoid possible memory access violation (bsc#1111666). - ath10k: Correct error handling of dma_map_single() (bsc#1111666). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: skip resetting rx filter for WCN3990 (bsc#1111666). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands (bsc#1104745). - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands (bsc#1104745 FATE#325918). - bnxt_en: Update firmware interface spec. to 1.10.0.47 (bsc#1157115) - bnxt_en: Update firmware interface spec. to 1.10.0.89 (bsc#1157115) - bnxt_en: Update firmware interface to 1.10.0.69 (bsc#1157115) - bpf: fix BTF limits (bsc#1109837). - bpf: fix BTF verification of enums (bsc#1109837). - bpf: Fix use after free in subprog's jited symbol removal (bsc#1109837). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: fix wrong strnchr usage (bsc#1111666). - brcmfmac: increase buffer for obtaining firmware capabilities (bsc#1111666). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - brcmsmac: Use kvmalloc() for ucode allocations (bsc#1111666). - btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: validate wmm rule when setting (bsc#1111666). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: fix max ea value size (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - cifs: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - cifs: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - cifs: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - cifs: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - cifs: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - cxgb4: request the TX CIDX updates to status page (bsc#1127354 bsc#1127371). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - docs: move protection-keys.rst to the core-api book (FATE#322447, bsc#1078248). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - Documentation: x86: convert protection-keys.txt to reST (FATE#322447, bsc#1078248). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1111666). - drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported (bsc#1113956) - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm: fix module name in edid_firmware log message (bsc#1113956) - drm/i915: Do not dereference request if it may have been retired when (bsc#1142635) - drm/i915: Fix and improve MCR selection logic (bsc#1112178) - drm/i915/gvt: fix dropping obj reference twice (bsc#1111666). - drm/i915: Lock the engine while dumping the active request (bsc#1142635) - drm/i915/pmu: 'Frequency' is reported as accumulated cycles (bsc#1112178) - drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#1129770) - drm/i915: Skip modeset for cdclk changes if possible (bsc#1156928). - drm/msm: fix memleak on release (bsc#1111666). - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - Drop scsi-qla2xxx-Fix-memory-leak-when-sending-I-O-fails.patch This patch has introduces an double free. Upstream has dropped it from the scsi-queue before it hit mainline. So let's drop it as well. - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - i2c: of: Try to find an I2C adapter matching the parent (bsc#1129770) - i40e: enable X710 support (bsc#1151067). - IB/mlx5: Free mpi in mp_slave mode (bsc#1103991). - IB/mlx5: Free mpi in mp_slave mode (bsc#1103991 FATE#326007). - IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general command (bsc#1103991). - IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general command (bsc#1103991 FATE#326007). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ice: fix potential infinite loop because loop counter being too small (bsc#1118661). - ice: fix potential infinite loop because loop counter being too small (bsc#1118661 FATE#325277). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - intel_th: Fix a double put_device() in error path (git-fixes). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - irqdomain: Add the missing assignment of domain->fwnode for named fwnode (bsc#1111666). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: drop packets with bad status in CD (bsc#1111666). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - iwlwifi: mvm: use correct FIFO length (bsc#1111666). - iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN (bsc#1111666). - iwlwifi: pcie: read correct prph address for newer devices (bsc#1111666). - ixgbe: fix double clean of Tx descriptors with xdp (bsc#1113994 ). - ixgbe: fix double clean of Tx descriptors with xdp (bsc#1113994 FATE#326315 FATE#326317). - ixgbevf: Fix secpath usage for IPsec Tx offload (bsc#1113994 ). - ixgbevf: Fix secpath usage for IPsec Tx offload (bsc#1113994 FATE#326315 FATE#326317). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - kABI fixup alloc_dax_region (bsc#1158071). - kabi: s390: struct subchannel (git-fixes). - kABI workaround for ath10k hw_filter_reset_required field (bsc#1111666). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for iwlwifi iwl_rx_cmd_buffer change (bsc#1111666). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - KVM: s390: fix __insn32_query() inline assembly (git-fixes). - KVM: s390: vsie: Do not shadow CRYCB when no AP and no keys (git-fixes). - KVM: s390: vsie: Return correct values for Invalid CRYCB format (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - libnvdimm: Export the target_node attribute for regions and namespaces (bsc#1158071). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995 fate#323487). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Basic API to track system state changes (bsc#1071995 fate#323487). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995 fate#323487). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995 fate#323487). - loop: add ioctl for changing logical block size (bsc#1108043). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - lpfc: size cpu map by last cpu id set (bsc#1157160). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) Fix badly backported patch - mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions (bsc#1112374). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mt76x0: init hw capabilities. - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifex: free rx_cmd skb in suspended state (bsc#1111666). - mwifiex: do no submit URB in suspended state (bsc#1111666). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - nbd: prevent memory leak (bsc#1158638). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: hns3: change GFP flag during lock period (bsc#1104353 ). - net: hns3: change GFP flag during lock period (bsc#1104353 FATE#326415). - net: hns3: do not query unsupported commands in debugfs (bsc#1104353). - net: hns3: do not query unsupported commands in debugfs (bsc#1104353 FATE#326415). - net: hns3: fix GFP flag error in hclge_mac_update_stats() (bsc#1126390). - net: hns3: fix some reset handshake issue (bsc#1104353 ). - net: hns3: fix some reset handshake issue (bsc#1104353 FATE#326415). - net: hns3: prevent unnecessary MAC TNL interrupt (bsc#1104353 bsc#1134983). - net: hns3: prevent unnecessary MAC TNL interrupt (bsc#1104353 FATE#326415 bsc#1134983). - net: hns: Fix the stray netpoll locks causing deadlock in NAPI path (bsc#1104353). - net: hns: Fix the stray netpoll locks causing deadlock in NAPI path (bsc#1104353 FATE#326415). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix eswitch debug print of max fdb flow (bsc#1103990 ). - net/mlx5e: Fix eswitch debug print of max fdb flow (bsc#1103990 FATE#326006). - net/mlx5e: Fix ethtool self test: link speed (bsc#1103990 ). - net/mlx5e: Fix ethtool self test: link speed (bsc#1103990 FATE#326006). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/mlx5e: Print a warning when LRO feature is dropped or not allowed (bsc#1103990). - net/mlx5e: Print a warning when LRO feature is dropped or not allowed (bsc#1103990 FATE#326006). - net/mlx5: FWTrace, Reduce stack usage (bsc#1103990). - net/mlx5: FWTrace, Reduce stack usage (bsc#1103990 FATE#326006). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - net: phy: bcm7xxx: define soft_reset for 40nm EPHY (bsc#1119113 ). - net: phy: bcm7xxx: define soft_reset for 40nm EPHY (bsc#1119113 FATE#326472). - net: phylink: Fix flow control resolution (bsc#1119113 ). - net: phylink: Fix flow control resolution (bsc#1119113 FATE#326472). - net: sched: cbs: Avoid division by zero when calculating the port rate (bsc#1109837). - net/sched: cbs: Fix not adding cbs instance to list (bsc#1109837). - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bsc#1109837). - net: sched: fix possible crash in tcf_action_destroy() (bsc#1109837). - net: sched: fix reordering issues (bsc#1109837). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: do not schedule tx_work in SMC_CLOSED state (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix fastopen for non-blocking connect() (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net/smc: fix SMCD link group creation with VLAN id (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net/smc: original socket family in inet_sock_diag (git-fixes). - net: sock_map, fix missing ulp check in sock hash case (bsc#1109837). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs (bsc#1109837). - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs (bsc#1109837). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - nvme-tcp: support C2HData with SUCCESS flag (bsc#1157386). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI: pciehp: Do not disable interrupt twice on suspend (bsc#1111666). - PCI/PM: Clear PCIe PME Status even for legacy power management (bsc#1111666). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (bsc#1142924). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - printk: Export console_printk (bsc#1071995). - printk: Export console_printk (bsc#1071995 fate#323487). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - qxl: fix null-pointer crash during suspend (bsc#1111666). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (bsc#1157115) - RDMA/efa: Clear the admin command buffer prior to its submission (git-fixes) Patch was already picked through Amazon driver repo but was not marked with a Git-commit tag - RDMA/hns: Fix comparison of unsigned long variable 'end' with less than zero (bsc#1104427 bsc#1137236). - RDMA/hns: Fix comparison of unsigned long variable 'end' with less than zero (bsc#1104427 FATE#326416 bsc#1137236). - RDMA/hns: Fix wrong assignment of qp_access_flags (bsc#1104427 ). - RDMA/hns: Fix wrong assignment of qp_access_flags (bsc#1104427 FATE#326416). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - Remove patches that reportedly cause regression (bsc#1155689 ltc#182047). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - Revert 'drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)' This reverts commit 71e3a1b8d8cf73f711f3e4100aa51f68e631f94f. ATM the backported patch does not build on x86. - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rt2800: remove errornous duplicate condition (git-fixes). - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface (bsc#1111666). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cio: fix virtio-ccw DMA without PV (git-fixes). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity (git-fixes). - s390/zcrypt: fix memleak at release (git-fixes). - scsi: lpfc: Add enablement of multiple adapter dumps (bsc#1154601). - scsi: lpfc: Add registration for CPU Offline/Online events (bsc#1154601). - scsi: lpfc: Change default IRQ model on AMD architectures (bsc#1154601). - scsi: lpfc: Clarify FAWNN error message (bsc#1154601). - scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq() (bsc#1154601). - scsi: lpfc: Fix a kernel warning triggered by lpfc_sli4_enable_intr() (bsc#1154601). - scsi: lpfc: fix build error of lpfc_debugfs.c for vfree/vmalloc (bsc#1154601). - scsi: lpfc: Fix configuration of BB credit recovery in service parameters (bsc#1154601). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1154601). - scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences (bsc#1154601). - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow (bsc#1154601). - scsi: lpfc: Fix dynamic fw log enablement check (bsc#1154601). - scsi: lpfc: fix inlining of lpfc_sli4_cleanup_poll_list() (bsc#1154601). - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce (bsc#1154601). - scsi: lpfc: Fix lpfc_cpumask_of_node_init() (bsc#1154601). - scsi: lpfc: Fix NULL check before mempool_destroy is not needed (bsc#1154601). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx (bsc#1154601). - scsi: lpfc: Fix unexpected error messages during RSCN handling (bsc#1154601). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1154601). - scsi: lpfc: Initialize cpu_map for not present cpus (bsc#1154601). - scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL pointer (bsc#1154601). - scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL pointer (bsc#1154601). - scsi: lpfc: Make lpfc_debugfs_ras_log_data static (bsc#1154601). - scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bsc#1154601). - scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable (bsc#1154601). - scsi: lpfc: revise nvme max queues to be hdwq count (bsc#1154601). - scsi: lpfc: Sync with FC-NVMe-2 SLER change to require Conf with SLER (bsc#1154601). - scsi: lpfc: Update lpfc version to 12.6.0.1 (bsc#1154601). - scsi: lpfc: Update lpfc version to 12.6.0.2 (bsc#1154601). - scsi: lpfc: use hdwq assigned cpu for allocation (bsc#1157160). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: qla2xxx: Use correct number of vectors for online CPUs (bsc#1137223). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: fix SCTP regression (bsc#1158082) (networking-stable-19_10_24 bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - Sort series.conf. - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tools: bpftool: fix arguments for p_err() in do_event_pipe() (bsc#1109837). - tools/power/x86/intel-speed-select: Fix a read overflow in isst_set_tdp_level_msr() (bsc#1111666). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tun: fix data-race in gro_normal_list() (bsc#1111666). - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - Update patches.suse/ipv6-defrag-drop-non-last-frags-smaller-than-min-mtu.patch (add bsc#1141054). - Update patches.suse/RDMA-Fix-goto-target-to-release-the-allocated-memory.patch (bsc#1050244 FATE#322915 bsc#1157171 CVE-2019-19077). - USB: chaoskey: fix error case of a timeout (git-fixes). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - wil6210: drop Rx multicast packets that are looped-back to STA (bsc#1111666). - wil6210: fix debugfs memory access alignment (bsc#1111666). - wil6210: fix invalid memory access for rx_buff_mgmt debugfs (bsc#1111666). - wil6210: fix L2 RX status handling (bsc#1111666). - wil6210: fix locking in wmi_call (bsc#1111666). - wil6210: fix RGF_CAF_ICR address for Talyn-MB (bsc#1111666). - wil6210: prevent usage of tx ring 0 for eDMA (bsc#1111666). - wil6210: set edma variables only for Talyn-MB devices (bsc#1111666). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (FATE#322447, bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/pkeys: Update documentation about availability (FATE#322447, bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: fix sa selector validation (bsc#1156609). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xsk: Fix registration of Rx-only sockets (bsc#1109837). - xsk: relax UMEM headroom alignment (bsc#1109837). Important SUSE bug 1051510 SUSE bug 1071995 SUSE bug 1078248 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1103990 SUSE bug 1103991 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104745 SUSE bug 1108043 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112374 SUSE bug 1113722 SUSE bug 1113956 SUSE bug 1113994 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1118661 SUSE bug 1119113 SUSE bug 1120853 SUSE bug 1126390 SUSE bug 1127354 SUSE bug 1127371 SUSE bug 1129770 SUSE bug 1131107 SUSE bug 1134983 SUSE bug 1137223 SUSE bug 1137236 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1142635 SUSE bug 1142924 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1149448 SUSE bug 1151067 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1153628 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154355 SUSE bug 1154601 SUSE bug 1155689 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1156258 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1156928 SUSE bug 1157032 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157044 SUSE bug 1157045 SUSE bug 1157046 SUSE bug 1157049 SUSE bug 1157070 SUSE bug 1157115 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157160 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157304 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157386 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158071 SUSE bug 1158082 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 CVE-2019-14895 CVE-2019-14901 CVE-2019-15213 CVE-2019-15916 CVE-2019-18660 CVE-2019-18683 CVE-2019-18809 CVE-2019-19046 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19227 CVE-2019-19524 CVE-2019-19525 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19534 CVE-2019-19536 CVE-2019-19543 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql fixes the following issues: - Changed permissions, so that the directory can only be used by users in the postgres group (bsc#1123886). - Moved bash profile out of /var/lib to allow transactional updates (bsc#1100397). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1100397 SUSE bug 1123886 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues: Security issues fixed (bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: - Fixed build failuers on ARM (bsc#1138529). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1138529 SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 79.0.3945.79 (boo#1158982) - CVE-2019-13725: Fixed a use after free in Bluetooth - CVE-2019-13726: Fixed a heap buffer overflow in password manager - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets - CVE-2019-13728: Fixed an out of bounds write in V8 - CVE-2019-13729: Fixed a use after free in WebSockets - CVE-2019-13730: Fixed a type Confusion in V8 - CVE-2019-13732: Fixed a use after free in WebAudio - CVE-2019-13734: Fixed an out of bounds write in SQLite - CVE-2019-13735: Fixed an out of bounds write in V8 - CVE-2019-13764: Fixed a type Confusion in V8 - CVE-2019-13736: Fixed an integer overflow in PDFium - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation - CVE-2019-13739: Fixed an incorrect security UI in Omnibox - CVE-2019-13740: Fixed an incorrect security UI in sharing - CVE-2019-13741: Fixed an insufficient validation of untrusted input in Blink - CVE-2019-13742: Fixed an incorrect security UI in Omnibox - CVE-2019-13743: Fixed an incorrect security UI in external protocol handling - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies - CVE-2019-13745: Fixed an insufficient policy enforcement in audio - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox - CVE-2019-13747: Fixed an uninitialized Use in rendering - CVE-2019-13748: Fixed an insufficient policy enforcement in developer tools - CVE-2019-13749: Fixed an incorrect security UI in Omnibox - CVE-2019-13750: Fixed an insufficient data validation in SQLite - CVE-2019-13751: Fixed an uninitialized Use in SQLite - CVE-2019-13752: Fixed an out of bounds read in SQLite - CVE-2019-13753: Fixed an out of bounds read in SQLite - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions - CVE-2019-13756: Fixed an incorrect security UI in printing - CVE-2019-13757: Fixed an incorrect security UI in Omnibox - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation - CVE-2019-13759: Fixed an incorrect security UI in interstitials - CVE-2019-13761: Fixed an incorrect security UI in Omnibox - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads - CVE-2019-13763: Fixed an insufficient policy enforcement in payments Important SUSE bug 1158982 CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb to version 10.2.29 fixes the following issues: MariaDB was updated to 10.2.29 (bsc#1156669) Security issues fixed: - CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service or data corruption This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1156669 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: - CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name (bsc#1158108). - CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced (bsc#1158109). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1158108 SUSE bug 1158109 CVE-2019-14861 CVE-2019-14870 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca' spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1061210 SUSE bug 1105173 SUSE bug 1144522 SUSE bug 1152684 CVE-2019-9853 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for spectre-meltdown-checker fixes the following issues: - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don't check kernel image if not available - fix: silence useless error from grep (fixes #322) - fix: msr: fix msr module detection under Ubuntu 19.10 (fixes #316) - fix: mocking value for read_msr - chore: rename mcedb cmdline parameters to fwdb, and change db version scheme - chore: fwdb: update to v130.20191104+i20191027 - chore: add GitHub check workflow This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1117665 SUSE bug 1139073 CVE-2018-12207 CVE-2019-11135 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 79.0.3945.88: - CVE-2019-13767: Fixed a use after free in media picker (boo#1159498) Important SUSE bug 1159498 CVE-2019-13767 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cairo fixes the following issues: - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory leaks found by Coverity. - Fix assertion failure in the freetype backend. (fdo#105746). - Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and check cmap size before allocating (bsc#1049092) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1049092 CVE-2017-9814 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pdns-recursor fixes the following issues: - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302). Moderate SUSE bug 1173302 CVE-2020-14196 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mumble fixes the following issues: mumble was updated 1.3.2: * client: Fixed overlay not starting Update to upstream version 1.3.1 - Security * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041 - ICE * Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835) - GRPC * Fixed: Segmentation fault during murmur shutdown (#3938) - Client * Fixed: Crash when using multiple monitors (#3756) * Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864) * Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006) * Fixed: High CPU usage for update-check if update server not available (#4019) * Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029) * Fixed: Small parts of whispering leaking out (#4051) * Fixed: Last audio frame of normal talking is sent to last whisper target (#4050) * Fixed: LAN-icon not found in ConnectDialog (#4058) * Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801) * Improved: Don't send empty data to PulseAudio (#3316) * Improved: Use the SRV resolved port for UDP connections (#3820) * Improved: Manual Plugin UI (#3919) * Improved: Don't start Jack server by default (#3990) * Improved: Overlay doesn't hook into all other processes by default (#4041) * Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123) - Server * Fixed: Possibility to circumvent max user-count in channel (#3880) * Fixed: Rate-limit implementation susceptible to time-underflow (#4004) * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032) * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163) * Fixed: Wrong database encoding that could lead to server-crash (#4220) * Fixed: DB crash due to primary key violation (now performs 'UPSERT' to avoid this) (#4105) * Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101) - use the 'profile profilename /path/to/binary' syntax to make 'ps aufxZ' more readable Moderate SUSE bug 1174041 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1166238 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 84.0.4147.89 boo#1174189: * Critical CVE-2020-6510: Heap buffer overflow in background fetch. * High CVE-2020-6511: Side-channel information leakage in content security policy. * High CVE-2020-6512: Type Confusion in V8. * High CVE-2020-6513: Heap buffer overflow in PDFium. * High CVE-2020-6514: Inappropriate implementation in WebRTC. * High CVE-2020-6515: Use after free in tab strip. * High CVE-2020-6516: Policy bypass in CORS. * High CVE-2020-6517: Heap buffer overflow in history. * Medium CVE-2020-6518: Use after free in developer tools. * Medium CVE-2020-6519: Policy bypass in CSP. * Medium CVE-2020-6520: Heap buffer overflow in Skia. * Medium CVE-2020-6521: Side-channel information leakage in autofill. * Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. * Medium CVE-2020-6523: Out of bounds write in Skia. * Medium CVE-2020-6524: Heap buffer overflow in WebAudio. * Medium CVE-2020-6525: Heap buffer overflow in Skia. * Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. * Low CVE-2020-6527: Insufficient policy enforcement in CSP. * Low CVE-2020-6528: Incorrect security UI in basic auth. * Low CVE-2020-6529: Inappropriate implementation in WebRTC. * Low CVE-2020-6530: Out of bounds memory access in developer tools. * Low CVE-2020-6531: Side-channel information leakage in scroll to text. * Low CVE-2020-6533: Type Confusion in V8. * Low CVE-2020-6534: Heap buffer overflow in WebRTC. * Low CVE-2020-6535: Insufficient data validation in WebUI. * Low CVE-2020-6536: Incorrect security UI in PWAs. - Use bundled xcb-proto as we need to generate py2 bindings - Try to fix non-wayland build for Leap builds Important SUSE bug 1174189 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for arc fixes the following issues: - CVE-2015-9275: Fixed a directory traversal vulnerability (boo#1121032). Moderate SUSE bug 1121032 CVE-2015-9275 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for redis fixes the following issues: - CVE-2020-14147: Context dependent attackers with permission to run Lua code in a Redis session could have caused a denial of service (memory corruption and application crash) or possibly bypass sandbox restrictions (boo#1173018) Moderate SUSE bug 1173018 CVE-2020-14147 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo#1174150 In Singularity 3.x versions below 3.6.0, issues allow the ECL to be bypassed by a malicious user. - CVE-2020-13846, boo#1174148 In Singularity 3.5 the --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. - CVE-2020-13847, boo#1174152 In Singularity 3.x versions below 3.6.0, Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file, allowing an attacker to cause unexpected behavior. A signed container may verify successfully, even when it has been modified in ways that could be exploited to cause malicious behavior. - New features / functionalities - A new '--legacy-insecure' flag to verify allows verification of SIF signatures in the old, insecure format. - A new '-l / --logs' flag for instance list that shows the paths to instance STDERR / STDOUT log files. - The --json output of instance list now include paths to STDERR / STDOUT log files. - Singularity now supports the execution of minimal Docker/OCI containers that do not contain /bin/sh, e.g. docker://hello-world. - A new cache structure is used that is concurrency safe on a filesystem that supports atomic rename. If you downgrade to Singularity 3.5 or older after using 3.6 you will need to run singularity cache clean. - A plugin system rework adds new hook points that will allow the development of plugins that modify behavior of the runtime. An image driver concept is introduced for plugins to support new ways of handling image and overlay mounts. Plugins built for <=3.5 are not compatible with 3.6. - The --bind flag can now bind directories from a SIF or ext3 image into a container. - The --fusemount feature to mount filesystems to a container via FUSE drivers is now a supported feature (previously an experimental hidden flag). - This permits users to mount e.g. sshfs and cvmfs filesystems to the container at runtime. - A new -c/--config flag allows an alternative singularity.conf to be specified by the root user, or all users in an unprivileged installation. - A new --env flag allows container environment variables to be set via the Singularity command line. - A new --env-file flag allows container environment variables to be set from a specified file. - A new --days flag for cache clean allows removal of items older than a specified number of days. Replaces the --name flag which is not generally useful as the cache entries are stored by hash, not a friendly name. - Changed defaults / behaviours - New signature format (see security fixes above). - Fixed spacing of singularity instance list to be dynamically changing based off of input lengths instead of fixed number of spaces to account for long instance names. - Environment variables prefixed with SINGULARITYENV_ always take precedence over variables without SINGULARITYENV_ prefix. - The %post build section inherits environment variables from the base image. - %files from ... will now follow symlinks for sources that are directly specified, or directly resolved from a glob pattern. It will not follow symlinks found through directory traversal. This mirrors Docker multi-stage COPY behaviour. - Restored the CWD mount behaviour of v2, implying that CWD path is not recreated inside container and any symlinks in the CWD path are not resolved anymore to determine the destination path inside container. - The %test build section is executed the same manner as singularity test image. --fusemount with the container: default directive will foreground the FUSE process. Use container-daemon: for previous behavior. - Deprecate -a / --all option to sign/verify as new signature behavior makes this the default. - For more information about upstream changes, please check: https://github.com/hpcng/singularity/blob/master/CHANGELOG.md - Removed --name flag for cache clean; replaced with --days. Important SUSE bug 1125369 SUSE bug 1128598 SUSE bug 1159550 SUSE bug 1174148 SUSE bug 1174150 SUSE bug 1174152 CVE-2019-11328 CVE-2019-19724 CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 78.0.2 MFSA 2020-28 (bsc#1173948) * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags - Firefox Extended Support Release 78.0.2esr ESR * Fixed: Security fix * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922) * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed: Fixed a regression opening certain external applications (bmo#1650162) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173948 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cni-plugins fixes the following issues: cni-plugins updated to version 0.8.6 - CVE-2020-10749: Fixed a potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410). Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6 This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1172410 CVE-2020-10749 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libvpx fixes the following issues: - CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611). - CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612). - CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613). - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614). - CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160611 SUSE bug 1160612 SUSE bug 1160613 SUSE bug 1160614 SUSE bug 1160615 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1173389 CVE-2020-11996 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.13: * Query XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023) * Lack of escaping on some pages can lead to XSS exposure * Update PHPMailer to 6.1.6 (CVE-2020-13625) * SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090) * Lack of escaping on template import can lead to XSS exposure - switch from cron to systemd timers (boo#1115436): + cacti-cron.timer + cacti-cron.service - avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation - rewrote apache configuration to get rid of .htaccess files and explicitely disable directory permissions per default (only allow a limited, well-known set of directories) Moderate SUSE bug 1115436 SUSE bug 1154087 SUSE bug 1173090 CVE-2020-11022 CVE-2020-11023 CVE-2020-13625 CVE-2020-14295 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1155419 CVE-2019-15681 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for salt contains the following fixes: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. (bsc#1165572) - Add option to enable/disable force refresh for zypper. - Add publish_batch to ClearFuncs exposed methods. - Adds test for zypper abbreviation fix. - Avoid segfault from 'salt-api' under certain conditions of heavy load managing SSH minions. (bsc#1169604) - Avoid traceback on debug logging for swarm module. (bsc#1172075) - Batch mode now also correctly provides return value. (bsc#1168340) - Better import cache handline. - Do not make file.recurse state to fail when msgpack 0.5.4. (bsc#1167437) - Do not require vendored backports-abc. (bsc#1170288) - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation. - Fix for low rpm_lowpkg unit test. - Fix for temp folder definition in loader unit test. - Fix for unless requisite when pip is not installed. - Fix integration test failure for test_mod_del_repo_multiline_values. - Fix regression in service states with reload argument. - Fix tornado imports and missing _utils after rebasing patches. - Fix status attribute issue in aptpkg test. - Improved storage pool or network handling. - loop: fix variable names for until_no_eval. - Make 'salt.ext.tornado.gen' to use 'salt.ext.backports_abc' on Python 2. - Make setup.py script not to require setuptools greater than 9.1. - More robust remote port detection. - Prevent sporious 'salt-api' stuck processes when managing SSH minions. because of logging deadlock. (bsc#1159284) - Python3.8 compatibility changes. - Removes unresolved merge conflict in yumpkg module. - Returns a the list of IPs filtered by the optional network list. - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341). (bsc#1170104) - Sanitize grains loaded from roster_grains.json cache during 'state.pkg'. - Various virt backports from 3000.2. - zypperpkg: filter patterns that start with dot. (bsc#1171906) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1159284 SUSE bug 1165572 SUSE bug 1167437 SUSE bug 1168340 SUSE bug 1169604 SUSE bug 1170104 SUSE bug 1170288 SUSE bug 1171906 SUSE bug 1172075 SUSE bug 1173072 SUSE bug 1174165 CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for knot fixes the following issues: - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication (boo#1047841). Moderate SUSE bug 1047841 CVE-2017-11104 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.13 fixes the following issues: - go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages Refs bsc#1149259 go1.13 release tracking * go#39925 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39848 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39823 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39697 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39561 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it tries to use an older version of dlv which only supports linux/amd64 * go#39538 net: TestDialParallel is flaky on windows-amd64-longtest * go#39287 cmd/vet: update for new number formats * go#40211 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40209 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) * go#38932 runtime: preemption in startTemplateThread may cause infinite hang * go#36689 go/types, math/big: data race in go/types due to math/big.Rat accessors unsafe for concurrent use - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1149259 SUSE bug 1169832 SUSE bug 1172868 SUSE bug 1174153 SUSE bug 1174191 CVE-2020-14039 CVE-2020-15586 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173674 CVE-2020-15503 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: [bsc#1173703] * Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. * Clarify documentation about exported functions * Dump() was modifying original data, adding a PV to numbers * Support standard tags !!str, !!map and !!seq instead of dying. * Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean. * Fix regex roundtrip. Fix loading of many regexes. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173703 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freerdp fixes the following issues: frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to 'WLOG_TRACE'. - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1169679 SUSE bug 1169748 SUSE bug 1171441 SUSE bug 1171443 SUSE bug 1171444 SUSE bug 1171445 SUSE bug 1171446 SUSE bug 1171447 SUSE bug 1171474 SUSE bug 1173247 SUSE bug 1173605 SUSE bug 1174200 CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174117 SUSE bug 1174121 CVE-2020-13934 CVE-2020-13935 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for claws-mail fixes the following issues: - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457). Moderate SUSE bug 1174457 CVE-2020-15917 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ldb fixes the following issues: - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1173159 CVE-2020-10730 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk fixes the following issues: Update to version jdk-11.0.6-10 (January 2020 CPU, bsc#1160968) Fixing these security related issues: - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2655: Better TLS messaging support - CVE-2020-2654: Improve Object Identifier Processing This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2655 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1172743 CVE-2020-13867 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make `Recently closed tabs` appearance consistent with `Search for open tabs`. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed windows in recently closed list - DNA-87682 Replace Extensions icon in toolbar with icon from sidebar - DNA-87756 Extend chrome.sessions.getRecentlyClosed with information about last active tab in window. - DNA-87778 Crash at opera::InstantSearchViewViews:: ~InstantSearchViewViews() - DNA-87815 Change affiliate links for AliExpress Search - Update to version 70.0.3728.59 - CHR-8010 Update chromium on desktop-stable-84-3728 to 84.0.4147.89 - DNA-87019 The video image does not respond to the pressing after closed the “Quit Opera?” dialog - DNA-87342 Fix right padding in settings > weather section - DNA-87427 Remove unneeded information from the requests’ diagnostics - DNA-87560 Crash at views::Widget::GetNativeView() - DNA-87561 Crash at CRYPTO_BUFFER_len - DNA-87599 Bypass VPN for default search engines doesn’t work - DNA-87611 Unittests fails on declarativeNetRequest and declarativeNetRequestFeedback permissions - DNA-87612 [Mac] Misaligned icon in address bar - DNA-87619 [Win/Lin] Misaligned icon in address bar - DNA-87716 [macOS/Windows] Crash when Search in tabs is open and Opera is minimized - DNA-87749 Crash at opera::InstantSearchSuggestionLineView:: SetIsHighlighted(bool) - The update to chromium 84.0.4147.89 fixes following issues: - CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE-2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536 - Complete Opera 70.0 changelog at: https://blogs.opera.com/desktop/changelog-for-70/ - Update to version 69.0.3686.77 - DNA-84207 New Yubikey enrollment is not working - DNA-87185 Lost translation - DNA-87382 Integrate scrolling to top of the feed with the existing scroll position restoration - DNA-87535 Sort out news on start page state - DNA-87588 Merge “Prevent pointer from being sent in the clear over SCTP” to desktop-stable-83-3686 - Update to version 69.0.3686.57 - DNA-86682 Title case in Russian translation - DNA-86807 Title case in O69 BR Portuguese translation - DNA-87104 Right click context menu becomes scrollable sometimes - DNA-87376 Search in tabs opens significantly slower in O69 - DNA-87505 [Welcome Pages][Stats] Session stats for Welcome and Upgrade pages - DNA-87535 Sort out news on start page state Moderate CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where it did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10766: Fixed rogue cross-process SSBD shutdown. Linux scheduler logical bug allowed an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Fixed indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-10768: Fixed indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: Fixed a kernel stack information leak on s390/s390x. (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed. (bnc#1173074). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii was called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2020-14331: Fixed a buffer over write in vgacon_scroll (bnc#1174205). - CVE-2020-14331: Fixed an out of bounds write to the vgacon scrollback buffer (bsc#1174205). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-16166: The Linux kernel allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c (bnc#1174757). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753) - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - fix multiplication overflow in copy_fdtable() (bsc#1173825). - Fix Patch-mainline tag in the previous zram fix patch - fpga: dfl: fix bug in port reset handshake (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - io-mapping: indicate mapping failure (git-fixes). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - kvm: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - kvm: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - kvm: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - kvm: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move kabi patch into the right place - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Fix 'try' semantics of bus and slot reset (git-fixes). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc-mm-Remove-kvm-radix-prefetch-workaround-for-.patch - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc-xmon-don-t-access-ASDR-in-VMs.patch - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'ipv6: add mtu lock check in __ip6_rt_update_pmtu' (networking-stable-20_05_16). - Revert pciehp patches that broke booting (bsc#1174887) - Revert 'thermal: mediatek: fix register index error' (bsc#1111666). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - usb: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - usb: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - usb: serial: ch341: add new Product ID for CH340 (bsc#1111666). - usb: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - usb: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - usb: serial: option: add GosunCn GM500 series (bsc#1111666). - usb: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1113956 SUSE bug 1114279 SUSE bug 1120163 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1151927 SUSE bug 1152107 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1163309 SUSE bug 1166985 SUSE bug 1167104 SUSE bug 1168081 SUSE bug 1168959 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169771 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170442 SUSE bug 1170592 SUSE bug 1170617 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171529 SUSE bug 1171530 SUSE bug 1171558 SUSE bug 1171732 SUSE bug 1171739 SUSE bug 1171743 SUSE bug 1171753 SUSE bug 1171759 SUSE bug 1171835 SUSE bug 1171841 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1171988 SUSE bug 1172247 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172537 SUSE bug 1172538 SUSE bug 1172687 SUSE bug 1172719 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172871 SUSE bug 1172872 SUSE bug 1172963 SUSE bug 1172999 SUSE bug 1173060 SUSE bug 1173074 SUSE bug 1173146 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173284 SUSE bug 1173428 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1173659 SUSE bug 1173746 SUSE bug 1173818 SUSE bug 1173820 SUSE bug 1173825 SUSE bug 1173826 SUSE bug 1173833 SUSE bug 1173838 SUSE bug 1173839 SUSE bug 1173845 SUSE bug 1173857 SUSE bug 1174070 SUSE bug 1174113 SUSE bug 1174115 SUSE bug 1174122 SUSE bug 1174123 SUSE bug 1174205 SUSE bug 1174296 SUSE bug 1174343 SUSE bug 1174356 SUSE bug 1174409 SUSE bug 1174438 SUSE bug 1174462 SUSE bug 1174543 SUSE bug 1174549 SUSE bug 1174658 SUSE bug 1174685 SUSE bug 1174757 SUSE bug 1174840 SUSE bug 1174841 SUSE bug 1174843 SUSE bug 1174844 SUSE bug 1174845 SUSE bug 1174887 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14331 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 CVE-2020-16166 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 Chromium was updated to 84.0.4147.105 (boo#1174582): * CVE-2020-6537: Type Confusion in V8 * CVE-2020-6538: Inappropriate implementation in WebView * CVE-2020-6532: Use after free in SCTP * CVE-2020-6539: Use after free in CSS * CVE-2020-6540: Heap buffer overflow in Skia * CVE-2020-6541: Use after free in WebUSB Low SUSE bug 1174582 CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for grub2 fixes the following issues: - CVE-2020-10713 (bsc#1168994) - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - CVE-2020-15706 (bsc#1174463) - CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sarg fixes the following issues: - CVE-2019-18932: Fixed insecure usage of /tmp/sarg which potentially allowed privilege escalation or denial of service (boo#1156643). Important SUSE bug 1156643 CVE-2019-18932 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing 'allocate' naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174157 CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.13 fixes the following issues: - go1.13 was updated to version 1.13.5 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1149259 SUSE bug 1174977 CVE-2020-16845 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Updated to Mozilla Thunderbird 68.11: * Fixed various security issues (MFSA-2020-35, bsc#1174538). * Fixed CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker (bsc#1174538). * Fixed CVE-2020-6514: WebRTC data channel leaks internal address to peer (bsc#1174538). * Fixed CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture (bsc#1174538). * Fixed CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 (bsc#1174538). * Fixed a bug with FileLink attachments included as a link and file when added from a network drive via drag & drop (bmo#793118). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174538 CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ark fixes the following issues: - Fixed a directory traversal bug (boo#1174773, CVE-2020-16116). Moderate SUSE bug 1174773 CVE-2020-16116 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (bsc#1173606) * CVE-2020-13164: NFS dissector crash (bsc#1171899) * CVE-2020-11647: The BACapp dissector could crash (bsc#1169063) - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1169063 SUSE bug 1171899 SUSE bug 1173606 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for storeBackup fixes the following issues: - CVE-2020-7040: Fixed a symlink attack which could lead to denial of service (boo#1156767). Moderate SUSE bug 1156767 CVE-2020-7040 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172356 SUSE bug 1174543 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Chromium updated to 84.0.4147.125 (boo#1175085) * CVE-2020-6542: Use after free in ANGLE * CVE-2020-6543: Use after free in task scheduling * CVE-2020-6544: Use after free in media * CVE-2020-6545: Use after free in audio * CVE-2020-6546: Inappropriate implementation in installer * CVE-2020-6547: Incorrect security UI in media * CVE-2020-6548: Heap buffer overflow in Skia * CVE-2020-6549: Use after free in media * CVE-2020-6550: Use after free in IndexedDB * CVE-2020-6551: Use after free in WebXR * CVE-2020-6552: Use after free in Blink * CVE-2020-6553: Use after free in offline mode * CVE-2020-6554: Use after free in extensions * CVE-2020-6555: Out of bounds read in WebGL * Various fixes from internal audits, fuzzing and other initiatives - Disable wayland everywhere as it breaks headless and middle mouse copy everywhere: boo#1174497 boo#1175044 Important SUSE bug 1174497 SUSE bug 1175044 SUSE bug 1175085 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for balsa fixes the following issues: - CVE-2020-16118: Fixed a NULL pointer dereference (boo#1174711). Moderate SUSE bug 1174711 CVE-2020-16118 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for aubio fixes the following issues: - CVE-2019-1010224: Fixed a denial of service caused by null pointer dereference (boo#1142435). Moderate SUSE bug 1142433 SUSE bug 1142435 SUSE bug 1142436 CVE-2019-1010222 CVE-2019-1010223 CVE-2019-1010224 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hylafax+ fixes the following issues: Hylafax was updated to upstream version 7.0.3. Security issues fixed: - CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521). - CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519). Non-security issues fixed: * add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl (31 Jul 2020) * be more resilient in listening for the Phase C carrier (30 Jul 2020) * make sure to return to command mode if HDLC receive times out (29 Jul 2020) * make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020) * don't attempt to write zero bytes of data to a TIFF (29 Jul 2020) * don't ever respond to CRP with CRP (28 Jul 2020) * reset frame counter when a sender retransmits PPS for a previously confirmed ECM block (26 Jul 2020) * scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020) * fix modem recovery after SSL Fax failure (22, 26 Jul 2020) * ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020) * attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020) * run scripts directly rather than invoking them via a shell for security hardening (3-5 Jul 2020) * add senderFumblesECM feature (3 Jul 2020) * add support for PIN/PIP/PRI-Q/PPS-PRI-Q signals, add senderConfusesPIN feature, and utilize PIN for rare conditions where it may be helpful (2, 6, 13-14 Jul 2020) * add senderConfusesRTN feature (25-26 Jun 2020) * add MissedPageHandling feature (24 Jun 2020) * use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020) * cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020) * fix listening for retransmission of MPS/EOP/EOM if it was received corrupt on the first attempt (15 Jun 2020) * don't use CRP when receiving PPS/PPM as some senders think we are sending MCF (12 Jun 2020) * add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020) * have faxinfo put units on non-standard page dimensions (28 May 2020) * improve error messages for JobHost connection errors (22 May 2020) * fix perpetual blocking of jobs when a job preparation fails, attempt to fix similar blocking problems for bad jobs in batches, and add 'unblock' faxconfig feature (21 May 2020) * ignore TCF if we're receiving an SSL Fax (31 Jan 2020) * fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020) Moderate SUSE bug 1173519 SUSE bug 1173521 CVE-2020-15396 CVE-2020-15397 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). - CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working (bsc#1160850). - CVE-2019-19344: Fixed a server crash when using dns zone scavenging = yes (bsc#1160852). Non-security issue fixed: - Fixed Ceph snapshot path handling relative to root (bsc#1141320). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1141320 SUSE bug 1160850 SUSE bug 1160852 SUSE bug 1160888 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libreoffice fixes the following issues: - Update to 6.4.5.2: * Various fixes all around - Remove mime-info and application-registry dirs bsc#1062631 - Fix bsc#1172053 - LO-L3: Image disappears during roundtrip 365->Impress->365 * bsc1172053.diff - Fix bsc#1172189 - LO-L3: Impress crashes midway opening a PPTX document * bsc1172189.diff - Fix bsc#1157627 - LO-L3: Some XML-created shapes simply lost upon PPTX import (= earth loses countries) * bsc1157627.diff - Fix bsc#1146025 - LO-L3: Colored textboxes in PPTX look very odd (SmartArt) - Fix bsc#1165849 - LO-L3: Shadow size for rectangle is only a fraction of Office 365 * bsc1165849-1.diff * bsc1165849-2.diff * bsc1165849-3.diff This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1062631 SUSE bug 1146025 SUSE bug 1157627 SUSE bug 1165849 SUSE bug 1172053 SUSE bug 1172189 SUSE bug 1172795 SUSE bug 1172796 CVE-2020-12802 CVE-2020-12803 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql96, postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985) - https://www.postgresql.org/about/news/2011/ - https://www.postgresql.org/docs/10/release-10-12.html postgresql10 was updated to 10.11: - https://www.postgresql.org/about/news/1994/ - https://www.postgresql.org/docs/10/release-10-11.html postgresql12 was updated to 12.3 (bsc#1171924). Bug Fixes and Improvements: - Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input. - Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes. - Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects. - Allow for a partition to be detached when it has inherited ROW triggers. - Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails. - Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression. - Fix performance regression in floating point overflow/underflow detection. - Several fixes for full text search, particularly with phrase searching. - Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause. - Several reporting fixes for the output of VACUUM VERBOSE. - Allow input of type circle to accept the format (x,y),r, which is specified in the documentation. - Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB. - Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived. - Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines. - Several fixes for logical replication and replication slots. - Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting. - Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption. - Ensure that members of the pg_read_all_stats role can read all statistics views. - Fix performance regression in information_schema.triggers view. - Fix memory leak in libpq when using sslmode=verify-full. - Fix crash in psql when attempting to re-establish a failed connection. - Allow tab-completion of the filename argument to \gx command in psql. - Add pg_dump support for ALTER ... DEPENDS ON EXTENSION. - Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end. - Ensure pg_basebackup generates valid tar files. - pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version - Several Windows compatibility fixes This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions. For more details, check out: - https://www.postgresql.org/docs/12/release-12-3.html Other fixes: - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. postgresql96 was updated to 9.6.19: * CVE-2020-14350, boo#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/9.6/release-9-6-19.html - Pack the /usr/lib/postgresql symlink only into the main package. - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. - update to 9.6.18 (boo#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/9.6/release-9-6-18.html - Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance. - Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (boo#1148643). - update to 9.6.17 (CVE-2020-1720, boo#1163985) https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/9.6/release-9-6-17.html - use and package the sha256 checksum for for source - update to 9.6.16: https://www.postgresql.org/about/news/1994/ https://www.postgresql.org/docs/9.6/release-9-6-16.html - add requires to the devel package for the libs that are returned by pg_config --libs - Update to 9.6.15: * https://www.postgresql.org/about/news/1960/ * https://www.postgresql.org/docs/9.6/release-9-6-15.html * CVE-2019-10208, boo#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. - Use FAT LTO objects in order to provide proper static library. - Update to 9.6.14: https://www.postgresql.org/docs/9.6/release-9-6-14.html - Update to 9.6.13: * https://www.postgresql.org/docs/9.6/release-9-6-13.html * https://www.postgresql.org/about/news/1939/ * CVE-2019-10130, boo#1134689: Prevent row-level security policies from being bypassed via selectivity estimators. - Make the server-devel package exclusive across versions. - Update to 9.6.12: * https://www.postgresql.org/docs/9.6/release-9-6-12.html * https://www.postgresql.org/about/news/1920/ * By default, panic instead of retrying after fsync() failure, to avoid possible data corruption. * Numerous other bug fixes. - Overhaul README.SUSE - Update to 9.6.11: * Numerous bug fixes, see the release notes: https://www.postgresql.org/docs/9.6/release-9-6-11.html * Remove unneeded library dependencies from PGXS. - add provides for the new server-devel package that will be introduced in postgresql 11 - Update to 9.6.10: https://www.postgresql.org/docs/current/static/release-9-6-10.html * CVE-2018-10915, boo#1104199: Fix failure to reset libpq's state fully between connection attempts. * CVE-2018-10925, boo#1104202: Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT * FROM ... - Update to 9.6.9: https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. * CVE-2018-1115, boo#1091610: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. * Fix incorrect volatility markings on a few built-in functions * Fix incorrect parallel-safety markings on a few built-in functions. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1091610 SUSE bug 1104199 SUSE bug 1104202 SUSE bug 1134689 SUSE bug 1145092 SUSE bug 1148643 SUSE bug 1163985 SUSE bug 1171924 SUSE bug 1175194 CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 CVE-2019-10130 CVE-2019-10208 CVE-2020-14350 CVE-2020-1720 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023) Bug fixes: - Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1082023 SUSE bug 1149792 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apt-cacher-ng fixes the following issues: - CVE-2019-18899: Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703). - CVE-2020-5202: Fixed an information leak if a local user won a race condition to listen to localhost:3142 (boo#1157706). Important SUSE bug 1157703 SUSE bug 1157706 CVE-2019-18899 CVE-2020-5202 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dovecot23 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: - CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174091 CVE-2019-20907 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 84.0.4147.135 (boo#1175505): * CVE-2020-6556: Heap buffer overflow in SwiftShader Moderate SUSE bug 1175505 CVE-2020-6556 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1106843 SUSE bug 1113719 SUSE bug 941629 CVE-2018-18751 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for inn fixes the following issues: - change file owners in /usr/lib/news to root [boo#1172573] [CVE-2020-8026] Moderate SUSE bug 1172573 CVE-2020-8026 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172745 SUSE bug 1174421 CVE-2020-15705 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175074 CVE-2020-11984 CVE-2020-11993 CVE-2020-9490 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1093447 CVE-2018-10196 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. Important SUSE bug 1175757 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ark fixes the following issues: - CVE-2020-24654: maliciously crafted TAR archive can install files outside the extraction directory (boo#1175857) Moderate SUSE bug 1175857 CVE-2020-24654 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1175193 SUSE bug 1175194 CVE-2020-14349 CVE-2020-14350 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetach(views::View const*) - DNA-87831 [Linux] Sidebar panel cannot be pinned - DNA-88057 [Win] Black rectangle flickers at the bottom of the page on startup - DNA-88157 Sidebar Messenger too low in FullScreen mode - DNA-88238 [macOS 10.15] Toolbar buttons not visible on inactive tab - The update to chromium 84.0.4147.125 fixes following issues: - CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555 - Update to version 70.0.3728.119 - DNA-88215 Introduce easy-setup-hint-ref feature flag - Update to version 70.0.3728.106 - DNA-88014 [Mac] Toolbar in fullscreen disabled after using fullscreen from videoplayer - Update to version 70.0.3728.95 - CHR-8026 Update chromium on desktop-stable-84-3728 to 84.0.4147.105 - DNA-86340 Wrong link to the help page - DNA-87394 [Big Sur] Some popovers have incorrectly themed arrow - DNA-87647 [Win] The [+] button flickers after creating a new tab - DNA-87794 Crash at aura::Window::SetVisible(bool) - DNA-87796 Search in tabs should closed on second click - DNA-87863 Parameter placing issue in all languages - The update to chromium 84.0.4147.105 fixes following issues: - CVE-2020-6537, CVE-2020-6538, CVE-2020-6532, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541 Important CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1085308 bnc#1087082 bnc#1172782 bnc#1172783). Mitigations for Arm had not been included yet. - CVE-2020-14314: Fixed potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a buffer over write in vgacon_scroll (bnc#1174205). - CVE-2020-14356: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system (bnc#1175213). - CVE-2020-1749: Some ipv6 protocols were not encrypted over ipsec tunnels (bsc#1165629). - CVE-2020-24394: fs/nfsd/vfs.c (in the NFS server) could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered (bnc#1175518). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547) - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on &lt;linux/prctl.h> (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: &lt;uapi/asm/ptrace.h> should not depend on &lt;uapi/linux/prctl.h> (bsc#1175401). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) - drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5: Delete extra dump stack that gives nothing (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666). - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) * refresh for context changes - Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - usb: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). Important SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083548 SUSE bug 1085030 SUSE bug 1085308 SUSE bug 1087082 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1113956 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1152148 SUSE bug 1163524 SUSE bug 1165629 SUSE bug 1166965 SUSE bug 1169790 SUSE bug 1170232 SUSE bug 1171688 SUSE bug 1172073 SUSE bug 1172108 SUSE bug 1172418 SUSE bug 1172428 SUSE bug 1172783 SUSE bug 1172871 SUSE bug 1172872 SUSE bug 1172873 SUSE bug 1172963 SUSE bug 1173485 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174003 SUSE bug 1174026 SUSE bug 1174205 SUSE bug 1174387 SUSE bug 1174484 SUSE bug 1174547 SUSE bug 1174550 SUSE bug 1174625 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174734 SUSE bug 1174771 SUSE bug 1174852 SUSE bug 1174873 SUSE bug 1174904 SUSE bug 1174926 SUSE bug 1174968 SUSE bug 1175062 SUSE bug 1175063 SUSE bug 1175064 SUSE bug 1175065 SUSE bug 1175066 SUSE bug 1175067 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175128 SUSE bug 1175149 SUSE bug 1175199 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175232 SUSE bug 1175284 SUSE bug 1175393 SUSE bug 1175394 SUSE bug 1175396 SUSE bug 1175397 SUSE bug 1175398 SUSE bug 1175399 SUSE bug 1175400 SUSE bug 1175401 SUSE bug 1175402 SUSE bug 1175403 SUSE bug 1175404 SUSE bug 1175405 SUSE bug 1175406 SUSE bug 1175407 SUSE bug 1175408 SUSE bug 1175409 SUSE bug 1175410 SUSE bug 1175411 SUSE bug 1175412 SUSE bug 1175413 SUSE bug 1175414 SUSE bug 1175415 SUSE bug 1175416 SUSE bug 1175417 SUSE bug 1175418 SUSE bug 1175419 SUSE bug 1175420 SUSE bug 1175421 SUSE bug 1175422 SUSE bug 1175423 SUSE bug 1175440 SUSE bug 1175493 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175526 SUSE bug 1175550 SUSE bug 1175654 SUSE bug 1175666 SUSE bug 1175667 SUSE bug 1175668 SUSE bug 1175669 SUSE bug 1175670 SUSE bug 1175767 SUSE bug 1175768 SUSE bug 1175769 SUSE bug 1175770 SUSE bug 1175771 SUSE bug 1175772 SUSE bug 1175786 SUSE bug 1175873 CVE-2018-3639 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-1749 CVE-2020-24394 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1174321 CVE-2020-15103 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175109 CVE-2020-8231 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1173455 SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). - Do not install outdated README.SUSE (bsc#1174010). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173786 SUSE bug 1174010 SUSE bug 1175223 CVE-2020-7068 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14386: Fixed an overflow in tpacket_rcv in af_packet that could lead to a local privilege escalation ( bsc#1176069). The following non-security bugs were fixed: - bonding: check error value of register_netdevice() immediately (git-fixes). - bonding: check return value of register_netdevice() in bond_newlink() (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - mlx4: disable device on shutdown (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration (git-fixes). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). Important SUSE bug 1058115 SUSE bug 1112178 SUSE bug 1136666 SUSE bug 1171558 SUSE bug 1173060 SUSE bug 1175691 SUSE bug 1176069 CVE-2020-14386 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 68.12 (bsc#1175686) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15669: Use-After-Free when aborting an operation This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-Flask-Cors fixes the following issues: - CVE-2020-25032: fix a relative directory traversal vulnerability (bsc#1175986). Moderate SUSE bug 1175986 CVE-2020-25032 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7-imagick fixes the following issues: Upgrade to version 3.4.4: Added: * function Imagick::optimizeImageTransparency() * METRIC_STRUCTURAL_SIMILARITY_ERROR * METRIC_STRUCTURAL_DISSIMILARITY_ERROR * COMPRESSION_ZSTD - https://github.com/facebook/zstd * COMPRESSION_WEBP * CHANNEL_COMPOSITE_MASK * FILTER_CUBIC_SPLINE - 'Define the lobes with the -define filter:lobes={2,3,4} (reference https://imagemagick.org/discourse-server/viewtopic.php?f=2&t=32506).' * Imagick now explicitly conflicts with the Gmagick extension. Fixes: * Correct version check to make RemoveAlphaChannel and FlattenAlphaChannel be available when using Imagick with ImageMagick version 6.7.8-x * Bug 77128 - Imagick::setImageInterpolateMethod() not available on Windows * Prevent memory leak when ImagickPixel::__construct called after object instantiation. * Prevent segfault when ImagickPixel internal constructor not called. * Imagick::setResourceLimit support for values larger than 2GB (2^31) on 32bit platforms. * Corrected memory overwrite in Imagick::colorDecisionListImage() * Bug 77791 - ImagickKernel::fromMatrix() out of bounds write. Fixes CVE-2019-11037, boo#1135418 The following functions have been deprecated: * ImagickDraw, matte * Imagick::averageimages * Imagick::colorfloodfillimage * Imagick::filter * Imagick::flattenimages * Imagick::getimageattribute * Imagick::getimagechannelextrema * Imagick::getimageclipmask * Imagick::getimageextrema * Imagick::getimageindex * Imagick::getimagematte * Imagick::getimagemattecolor * Imagick::getimagesize * Imagick::mapimage * Imagick::mattefloodfillimage * Imagick::medianfilterimage * Imagick::mosaicimages * Imagick::orderedposterizeimage * Imagick::paintfloodfillimage * Imagick::paintopaqueimage * Imagick::painttransparentimage * Imagick::radialblurimage * Imagick::recolorimage * Imagick::reducenoiseimage * Imagick::roundcornersimage * Imagick::roundcorners * Imagick::setimageattribute * Imagick::setimagebias * Imagick::setimageclipmask * Imagick::setimageindex * Imagick::setimagemattecolor * Imagick::setimagebiasquantum * Imagick::setimageopacity * Imagick::transformimage Moderate SUSE bug 1135418 CVE-2019-11037 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1164903 SUSE bug 1169832 SUSE bug 1170826 SUSE bug 1172868 SUSE bug 1174153 SUSE bug 1174191 SUSE bug 1174977 CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172491 CVE-2020-13790 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174154 CVE-2020-15719 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gimp fixes the following issue: - CVE-2017-17789: Fix heap buffer overflow in PSP importer (bsc#1073627). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1073627 CVE-2017-17789 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch (CVE-2020-12693, bsc#1172004). - Remove unneeded build dependency to postgresql-devel. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1172004 CVE-2020-12693 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176179 CVE-2020-24977 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libqt4 fixes the following issues: * Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507) * Fix 'double free or corruption' in QXmlStreamReader (boo#1118595, CVE-2018-15518) * Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873) * Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869) Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1121214 SUSE bug 1176315 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo#1168029 OSA-2020-10: * Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. - CVE-2020-1772 boo#1168029 OSA-2020-09: * Information Disclosure It’s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. - CVE-2020-1771 boo#1168030 OSA-2020-08: * Possible XSS in Customer user address book Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. - CVE-2020-1770 boo#1168031 OSA-2020-07: * Information disclosure in support bundle files Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. - CVE-2020-1769 boo#1168032 OSA-2020-06: * Autocomplete in the form login screens In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. Update to 5.0.41 https://community.otrs.com/otrs-community-edition-5s-patch-level-41/ * bug#14912 - Installer refers to non-existing documentation - added code to upgrade OTRS from 4 to 5 READ UPGRADING.SUSE * steps 1 to 4 are done by rpm pkg * steps 5 to *END* need to be done manually cause of DB backup Update to 5.0.40 https://community.otrs.com/otrs-community-edition-5s-patch-level-40/ - CVE-2020-1766 boo#1160663 OSA-2020-02: Improper handling of uploaded inline images Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. * CVE-2020-1765, OSA-2020-01: Spoofing of From field in several screens An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound * run bin/otrs.Console.pl Maint::Config::Rebuild after the upgrade - Update 5.0.39 https://community.otrs.com/otrs-community-edition-5s-patch-level-39/ * CVE-2019-18180 boo#1157001 OSA-2019-15: Denial of service OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example). * CVE-2019-18179 OSA-2019-14: Information Disclosure An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. Update to 5.0.38 https://community.otrs.com/release-notes-otrs-5s-patch-level-38/ * CVE-2019-16375, boo#1156431 OSA-2019-13: Stored XXS An attacker who is logged into OTRS as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent compose an answer to the original article. Update to 5.0.37 https://community.otrs.com/release-notes-otrs-5s-patch-level-37/ * CVE-2019-13458, boo#1141432, OSA-2019-12: Information Disclosure An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS tags in templates in order to disclose hashed user passwords. * CVE-2019-13457, boo#1141431, OSA-2019-11: Information Disclosure A customer user can use the search results to disclose information from their “company” tickets (with the same CustomerID), even when CustomerDisableCompanyTicketAccess setting is turned on. * CVE-2019-12746, boo#1141430, OSA-2019-10: Session ID Disclosure A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then potentially abused in order to impersonate the agent user. Update to 5.0.36 https://community.otrs.com/release-notes-otrs-5s-patch-level-36/ * CVE-2019-12497, boo#1137614, OSA-2019-09: Information Disclosure In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. * CVE-2019-12248, boo#1137615, OSA-2019-08: Loading External Image Resources An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. Update to 5.0.35 https://community.otrs.com/release-notes-otrs-5s-patch-level-35/ * CVE-2019-10067, boo#1139406, OSA-2019-05: Reflected and Stored XSS An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. * CVE-2019-9892, boo#1139406, OSA-2019-04: XXE Processing An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. - update missing CVE for OSA-2018-10, OSA-2019-01 Update to 5.0.34 * https://community.otrs.com/release-notes-otrs-5s-patch-level-34/ * CVE-2019-9752, boo#1122560, OSA-2019-01: Stored XSS An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. Update to 5.0.33 * https://community.otrs.com/release-notes-otrs-5s-patch-level-33/ Update to 5.0.26 * https://www.otrs.com/release-notes-otrs-5s-patch-level-26 * https://www.otrs.com/release-notes-otrsitsm-module-5s-patch-level-26/ - remove obsolete * otrs-scheduler.service * otrs-scheduler.init This update was imported from the openSUSE:Leap:15.1:Update update project. Moderate SUSE bug 1122560 SUSE bug 1137614 SUSE bug 1137615 SUSE bug 1139406 SUSE bug 1141430 SUSE bug 1141431 SUSE bug 1141432 SUSE bug 1156431 SUSE bug 1157001 SUSE bug 1160663 SUSE bug 1168029 SUSE bug 1168030 SUSE bug 1168031 SUSE bug 1168032 CVE-2019-10067 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13457 CVE-2019-13458 CVE-2019-16375 CVE-2019-18179 CVE-2019-18180 CVE-2019-9752 CVE-2019-9892 CVE-2020-1765 CVE-2020-1766 CVE-2020-1769 CVE-2020-1770 CVE-2020-1771 CVE-2020-1772 CVE-2020-1773 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for fossil fixes the following issues: - fossil 2.12.1: * CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code [boo#1175760] * Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent similar problems in the future. * Enhancements to the graph display for cases when there are many cherry-pick merges into a single check-in. Example * Enhance the fossil open command with the new --workdir option and the ability to accept a URL as the repository name, causing the remote repository to be cloned automatically. Do not allow 'fossil open' to open in a non-empty working directory unless the --keep option or the new --force option is used. * Enhance the markdown formatter to more closely follow the CommonMark specification with regard to text highlighting. Underscores in the middle of identifiers (ex: fossil_printf()) no longer need to be escaped. * The markdown-to-html translator can prevent unsafe HTML (for example: <script>) on user-contributed pages like forum and tickets and wiki. The admin can adjust this behavior using the safe-html setting on the Admin/Wiki page. The default is to disallow unsafe HTML everywhere. * Added the 'collapse' and 'expand' capability for long forum posts. * The 'fossil remote' command now has options for specifying multiple persistent remotes with symbolic names. Currently only one remote can be used at a time, but that might change in the future. * Add the 'Remember me?' checkbox on the login page. Use a session cookie for the login if it is not checked. * Added the experimental 'fossil hook' command for managing 'hook scripts' that run before checkin or after a push. * Enhance the fossil revert command so that it is able to revert all files beneath a directory. * Add the fossil bisect skip command. * Add the fossil backup command. * Enhance fossil bisect ui so that it shows all unchecked check-ins in between the innermost 'good' and 'bad' check-ins. * Added the --reset flag to the 'fossil add', 'fossil rm', and 'fossil addremove' commands. * Added the '--min N' and '--logfile FILENAME' flags to the backoffice command, as well as other enhancements to make the backoffice command a viable replacement for automatic backoffice. Other incremental backoffice improvements. * Added the /fileedit page, which allows editing of text files online. Requires explicit activation by a setup user. * Translate built-in help text into HTML for display on web pages. * On the /timeline webpage, the combination of query parameters 'p=CHECKIN' and 'bt=ANCESTOR' draws all ancestors of CHECKIN going back to ANCESTOR. * Update the built-in SQLite so that the 'fossil sql' command supports new output modes '.mode box' and '.mode json'. * Add the 'obscure()' SQL function to the 'fossil sql' command. * Added virtual tables 'helptext' and 'builtin' to the 'fossil sql' command, providing access to the dispatch table including all help text, and the builtin data files, respectively. * Delta compression is now applied to forum edits. * The wiki editor has been modernized and is now Ajax-based. - Package the fossil.1 manual page. - fossil 2.11.1: * Make the 'fossil git export' command more restrictive about characters that it allows in the tag names - Add fossil-2.11-reproducible.patch to override build date (boo#1047218) Important SUSE bug 1047218 SUSE bug 1175760 CVE-2020-24614 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a privilege escalation during package install. Could be exploited by a local users who is members of the the mailman group. (boo#1154328) Moderate SUSE bug 1154328 CVE-2019-3693 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo#1176705 When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to insecure permissions on the temporary directory it is possible for any user with access to the system to read the contents of the image. Additionally, if the image contains a world-writable file or directory, it is possible for a user to inject arbitrary content into the running container. - CVE-2020-25040, boo#1176707 When a Singularity command that results in a container build operation is executed, it is possible for a user with access to the system to read the contents of the image during the build. Additionally, if the image contains a world-writable file or directory, it is possible for a user to inject arbitrary content into the running build, which in certain circumstances may enable arbitrary code execution during the build and/or when the built container is run. New version 3.6.2, new features / functionalities: -Add --force option to singularity delete for non-interactive workflows. -Support compilation with FORTIFY_SOURCE=2 and build in pie mode with fstack-protector enabled - Changed defaults / behaviours -Default to current architecture for singularity delete. - Bug Fixes -Respect current remote for singularity delete command. -Allow rw as a (noop) bind option. -Fix capability handling regression in overlay mount. -Fix LD_LIBRARY_PATH environment override regression with --nv/--rocm. -Fix environment variable duplication within singularity engine. -Use -user-xattrs for unsquashfs to avoid error with rootless extraction using unsquashfs 3.4 -Correct --no-home message for 3.6 CWD behavior. -Don't fail if parent of cache dir not accessible. -Fix tests for Go 1.15 Ctty handling. -Fix additional issues with test images on ARM64. -Fix FUSE e2e tests to use container ssh_config. -Provide advisory message r.e. need for upper and work to exist in overlay images. -Use squashfs mem and processor limits in squashfs gzip check. -Ensure build destination path is not an empty string - do not overwrite CWD. -Don't unset PATH when interpreting legacy /environment files. Moderate SUSE bug 1176705 SUSE bug 1176707 CVE-2020-25039 CVE-2020-25040 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.102 (bsc#1176306) fixing: - CVE-2020-6573: Use after free in video. - CVE-2020-6574: Insufficient policy enforcement in installer. - CVE-2020-6575: Race in Mojo. - CVE-2020-6576: Use after free in offscreen canvas. - CVE-2020-15959: Insufficient policy enforcement in networking. Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. Important SUSE bug 1175757 SUSE bug 1176306 SUSE bug 1176450 CVE-2020-15959 CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1157651 CVE-2019-18898 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for virtualbox fixes the following issues: Version Bump to 6.0.24 (released July 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: - API: Fix unintentionally enabled audio due to a settings file version dependent bug - VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when processing invalid input (bug #19579) - Guest Additions: Fix issues detecting guest additions ISO at runtime - Fixes CVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649, CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676, CVE-2020-14677, CVE-2020-14699, CVE-2020-14711, CVE-2020-14629, CVE-2020-14703, CVE-2020-14704, CVE-2020-14648, CVE-2020-14650, CVE-2020-14673, CVE-2020-14694, CVE-2020-14695, CVE-2020-14698, CVE-2020-14700, CVE-2020-14712, CVE-2020-14707, CVE-2020-14714, CVE-2020-14715 boo#1174159 Important SUSE bug 1174159 CVE-2020-14628 CVE-2020-14629 CVE-2020-14646 CVE-2020-14647 CVE-2020-14648 CVE-2020-14649 CVE-2020-14650 CVE-2020-14673 CVE-2020-14674 CVE-2020-14675 CVE-2020-14676 CVE-2020-14677 CVE-2020-14694 CVE-2020-14695 CVE-2020-14698 CVE-2020-14699 CVE-2020-14700 CVE-2020-14703 CVE-2020-14704 CVE-2020-14707 CVE-2020-14711 CVE-2020-14712 CVE-2020-14713 CVE-2020-14714 CVE-2020-14715 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for roundcubemail fixes the following issues: roundcubemail was upgraded to 1.3.15 This is a security update to the LTS version 1.3. (boo#1175135) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] * Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content From 1.3.14 (boo#1173792 -> CVE-2020-15562) * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace From 1.3.13 * Installer: Fix regression in SMTP test section (#7417) From 1.3.12 * Security: Better fix for CVE-2020-12641 (boo#1171148) * Security: Fix XSS issue in template object 'username' (#7406) * Security: Fix couple of XSS issues in Installer (#7406) * Security: Fix cross-site scripting (XSS) via malicious XML attachment From 1.3.11 (boo#1171148 -> CVE-2020-12641 boo#1171040 -> CVE-2020-12625 boo#1171149 -> CVE-2020-12640) * Enigma: Fix compatibility with Mail_Mime >= 1.10.5 * Fix permissions on some folders created by bin/install-jsdeps.sh script (#6930) * Fix bug where inline images could have been ignored if Content-Id header contained redundant spaces (#6980) * Fix PHP Warning: Use of undefined constant LOG_EMERGE (#6991) * Fix PHP warning: 'array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003) * Security: Fix XSS issue in handling of CDATA in HTML messages * Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings * Security: Fix local file inclusion (and code execution) via crafted 'plugins' option * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) From 1.3.10 (boo#1146286) * Managesieve: Fix so 'Create filter' option does not show up when Filters menu is disabled (#6723) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix 'decryption oracle' bug [CVE-2019-10740] (#6638) * Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) From 1.3.9 (boo#1115718) * Fix TinyMCE download location (#6694) * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) From 1.3.8 * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) * Enigma: Fix deleting keys with authentication subkeys (#6381) * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) * Fix so Classic skin splitter does not escape out of window (#6397) * Fix XSS issue in handling invalid style tag content (#6410) * Fix compatibility with MySQL 8 - error on 'system' table use * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) * Fix support for 'allow-from <uri>' in 'x_frame_options' config option (#6449) * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) * Fix multiple VCard field search (#6466) * Fix session issue on long running requests (#6470) From 1.3.7 (boo#1115719) * Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) * Fix bug where some parts of quota information could have been ignored (#6280) * Fix bug where some escape sequences in html styles could bypass security checks * Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names * Fix bug where only attachments with the same name would be ignored on zip download (#6301) * Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) * Fix bug where after 'mark all folders as read' action message counters were not reset (#6307) * Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) * Fix bug where some HTML comments could have been malformed by HTML parser (#6333) Moderate SUSE bug 1115718 SUSE bug 1115719 SUSE bug 1146286 SUSE bug 1171040 SUSE bug 1171148 SUSE bug 1171149 SUSE bug 1173792 SUSE bug 1175135 CVE-2019-10740 CVE-2020-12625 CVE-2020-12640 CVE-2020-12641 CVE-2020-15562 CVE-2020-16145 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1010979 SUSE bug 1010980 SUSE bug 1020451 SUSE bug 1020456 SUSE bug 1020458 SUSE bug 1020460 SUSE bug 1045450 SUSE bug 1057152 SUSE bug 1088278 SUSE bug 1114498 SUSE bug 1115637 SUSE bug 1117328 SUSE bug 1120805 SUSE bug 1120807 CVE-2016-9398 CVE-2016-9399 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9252 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 85.0.4183.121 (boo#1176791): - CVE-2020-15960: Out of bounds read in storage - CVE-2020-15961: Insufficient policy enforcement in extensions - CVE-2020-15962: Insufficient policy enforcement in serial - CVE-2020-15963: Insufficient policy enforcement in extensions - CVE-2020-15965: Out of bounds write in V8 - CVE-2020-15966: Insufficient policy enforcement in extensions - CVE-2020-15964: Insufficient data validation in media Important SUSE bug 1176791 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172177 CVE-2020-8164 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175568 CVE-2020-8027 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175476 SUSE bug 1175674 CVE-2019-14562 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. * Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged. * Bugfixes - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by 'v' (instead of just being '1' or '2', as is documented). - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return 'err' from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for 'IfNotPresent' pull type * docs: user namespace can't be shared in pods * Fix 'Error: unrecognized protocol \'TCP\' in port mapping' * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * 'pod' was being truncated to 'po' in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add 'systemd' BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys='' would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only excuted when updating podman-cni-config while the command was running conmon was update to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - 'off', 'null' or 'none' all work. - ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept 'ro' as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the some mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Intial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. - Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This for making container-suseconnect working in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1162432 SUSE bug 1164090 SUSE bug 1165738 SUSE bug 1171578 SUSE bug 1174075 SUSE bug 1175821 SUSE bug 1175957 CVE-2020-1726 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pdns fixes the following issues: - Build with libmaxminddb instead of the obsolete GeoIP (boo#1156196) - CVE-2020-17482: Fixed an error that can result in leaking of uninitialised memory through crafted zone records (boo#1176535) - Backported compilation fix vs. latest Boost 1.74 (boo#1176312) Moderate SUSE bug 1156196 SUSE bug 1176312 SUSE bug 1176535 CVE-2020-17482 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1152930 SUSE bug 1174477 CVE-2020-14342 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.14 fixes the following issues: - go1.14.9 (released 2020-09-09) includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc#1164903 go1.14 release tracking * go#41192 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight request * go#40973 net/http: RoundTrip unexpectedly changes Request * go#40968 runtime: checkptr incorrectly -race flagging when using &^ arithmetic * go#40938 cmd/compile: R12 can be clobbered for write barrier call on PPC64 * go#40848 testing: '=== PAUSE' lines do not change the test name for the next log line * go#40797 cmd/compile: inline marker targets not reachable after assembly on arm * go#40766 cmd/compile: inline marker targets not reachable after assembly on ppc64x * go#40501 cmd/compile: for range loop reading past slice end * go#40411 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment * go#40398 runtime: fatal error: checkdead: runnable g * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant * go#39955 cmd/link: incorrect GC bitmap when global's type is in another shared object * go#39690 cmd/compile: s390x floating point <-> integer conversions clobbering the condition code * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to send Request.body * go#38904 doc: include fix for #34437 in Go 1.14 release notes - go1.14.8 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages. CVE-2020-24553 Refs bsc#1164903 go1.14 release tracking * bsc#1176031 CVE-2020-24553 * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1176031 CVE-2020-24553 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1176631 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dpdk fixes the following issues: - dpdk was updated to 18.11.9. For a list of fixes check: - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). For a list of fixes check: https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes This update was imported from the SUSE:SLE-15-SP1:Update update project. Critical SUSE bug 1176590 CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-reportlab fixes the following issues: - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor() (bsc#1154370). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1154370 CVE-2019-17626 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for zabbix fixes the following issues: Updated to version 3.0.31. + CVE-2020-15803: Fixed an XSS in the URL Widget (boo#1174253). Moderate SUSE bug 1174253 CVE-2020-11800 CVE-2020-15803 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucl fixes the following issues: CVE-2018-11243: Fix remotely triggerable DoS via double free (boo#1094138) Moderate SUSE bug 1094138 CVE-2018-11243 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176764 CVE-2019-20919 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for upx to version 3.96 fixes the following issues: - CVE-2019-1010048: Fixed a denial of service in PackLinuxElf32::PackLinuxElf32help1() (boo#1141777). - CVE-2019-14296: Fixed a denial of service in canUnpack() (boo#1143839). - CVE-2019-20021: Fixed a heap-based buffer over-read in canUnpack() (boo#1159833). - CVE-2019-20053: Fixed a denial of service in canUnpack() (boo#1159920). - CVE-2018-11243: Fixed a denial of service in PackLinuxElf64::unpack() (boo#1094138). - Update to version 3.96 * Bug fixes: [CVE-2019-1010048, boo#1141777] [CVE-2019-14296, boo#1143839] [CVE-2019-20021, boo#1159833] [CVE-2019-20053, boo#1159920] [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138] - Update to version 3.95 * Flag --force-pie when ET_DYN main program is not marked as DF_1_PIE * Better compatibility with varying layout of address space on Linux * Support for 4 PT_LOAD layout in ELF generated by binutils-2.31 * bug fixes, particularly better diagnosis of malformed input * bug fixes - see https://github.com/upx/upx/milestone/4 Moderate SUSE bug 1094138 SUSE bug 1141777 SUSE bug 1143839 SUSE bug 1159833 SUSE bug 1159920 CVE-2018-11243 CVE-2019-1010048 CVE-2019-14296 CVE-2019-20021 CVE-2019-20053 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kdeconnect-kde fixes the following issues: kdeconnect-kde was updated to fix various security issues in its default enabled network service (CVE-2020-26164, boo#1176268): Important SUSE bug 1176268 CVE-2020-26164 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 fixes the following issues: - CVE-2020-15095: Fixed information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172686 SUSE bug 1173937 CVE-2020-15095 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1160903 SUSE bug 1160905 CVE-2019-18902 CVE-2020-7216 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nextcloud fixes the following issues: nextcloud version 20.0.0 fix some security issues: - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 (CVE-2020-8228) Missing rate limit on signup page - NC-SA-2020-029 (CVE-2020-8233, boo#1177346) Re-Sharing allows increase of privileges - NC-SA-2020-026 Passowrd of share by mail is not hashed when given on the create share call - NC-SA-2020-023 Increase random used for encryption - Update to 19.0.3 - Fix possible leaking scope in Flow (server#22410) - Combine body-login rules in theming and fix twofactor and guest styling on bright colors (server#22427) - Show better quota warning for group folders and external storage (server#22442) - Add php docs build script (server#22448) - Fix clicks on actions menu of non opaque file rows in acceptance tests (server#22503) - Fix writing BLOBs to postgres with recent contacts interaction (server#22515) - Set the mount id before calling storage wrapper (server#22519) - Fix S3 error handling (server#22521) - Only disable zip64 if the size is known (server#22537) - Change free space calculation (server#22553) - Do not keep the part file if the forbidden exception has no retry set (server#22560) - Fix app password updating out of bounds (server#22569) - Use the correct root to determinate the webroot for the resource (server#22579) - Upgrade icewind/smb to 3.2.7 (server#22581) - Bump elliptic from 6.4.1 to 6.5.3 (notifications#732) - Fixes regression that prevented you from toggling the encryption flag (privacy#489) - Match any non-whitespace character in filesystem pattern (serverinfo#229) - Catch StorageNotAvailable exceptions (text#1001) - Harden read only check on public endpoints (text#1017) - Harden check when using token from memcache (text#1020) - Sessionid is an int (text#1029) - Only overwrite Ctrl-f when text is focussed (text#990) - Set the X-Requested-With header on dav requests (viewer#582) - Update to 19.0.2 - [stable19] lower minimum search length to 2 characters (server#21782) - [stable19] Call openssl_pkey_export with $config and log errors. (server#21804) - [stable19] Improve error reporting on sharing errors (server#21806) - [stable19] Do not log RequestedRangeNotSatisfiable exceptions in DAV (server#21840) - [stable19] Fix parsing of language code (server#21857) - [stable19] fix typo in revokeShare() (server#21876) - [stable19] Discourage webauthn user interaction (server#21917) - [stable19] Encryption is ready if master key is enabled (server#21935) - [stable19] Disable fragile comments tests (server#21939) - [stable19] Do not double encode the userid in webauthn login (server#21953) - [stable19] update icewind/smb to 3.2.6 (server#21955) - [stable19] Respect default share permissions (server#21967) - [stable19] allow admin to configure the max trashbin size (server#21975) - [stable19] Fix risky test in twofactor_backupcodes (server#21978) - [stable19] Fix PHPUnit deprecation warnings (server#21981) - [stable19] fix moving files from external storage to object store trashbin (server#21983) - [stable19] Ignore whitespace in sharing by mail (server#21991) - [stable19] Properly fetch translation for remote wipe confirmation dialog (server#22036) - [stable19] parse_url returns null in case a parameter is not found (server#22044) - Bump elliptic from 6.5.2 to 6.5.3 (server#22050) - [stable19] Correctly remove usergroup shares on removing group members (server#22053) - [stable19] Fix height to big for iPhone when using many apps (server#22064) - [stable19] reset the cookie internally in new API when abandoning paged results op (server#22069) - [stable19] Add Guzzle's InvalidArgumentException (server#22070) - [stable19] contactsmanager shall limit number of results early (server#22091) - [stable19] Fix browser freeze on long password input (server#22094) - [stable19] Search also the email and displayname in user mangement for groups (server#22118) - [stable19] Ensured large image is unloaded from memory when generating previews (server#22121) - [stable19] fix display of remote users in incoming share notifications (server#22131) - [stable19] Reuse cache for directory mtime/size if filesystem changes can be ignored (server#22171) - [stable19] Remove unexpected argument (server#22178) - [stable19] Do not exit if available space cannot be determined on file transfer (server#22181) - [stable19] Fix empty 'more' apps navigation after installing an app (server#22183) - [stable19] Fix default log_rotate_size in config.sample.php (server#22192) - [stable19] shortcut in reading nested group members when IN_CHAIN is available (server#22203) - [stable19] Fix chmod on file descriptor (server#22208) - [stable19] Do clearstatcache() on rmdir (server#22209) - [stable19] SSE enhancement of file signature (server#22210) - [stable19] remove logging message carrying no valuable information (server#22215) - [stable19] Add app config option to disable 'Email was changed by admin' activity (server#22232) - [stable19] Delete chunks if the move on an upload failed (server#22239) - [stable19] Silence duplicate session warnings (server#22247) - [3rdparty] Doctrine: Fix unquoted stmt fragments backslash escaping (server#22252) - [stable19] Allow to disable share emails (server#22300) - [stable19] Show disabled user count in occ user:report (server#22302) - Bump 3rdparty to last stable19 commit (server#22303) - [stable19] fixing a logged deprecation message (server#22309) - [stable19] CalDAV: Add ability to limit sharing to owner (server#22333) - [stable19] Only copy the link when updating a share or no password was forced (server#22337) - [stable19] Remove encryption option for nextcloud external storage (server#22341) - [stable19] l10n:Correct appid for WebAuthn (server#22348) - [stable19] Properly search for users when limittogroups is enabled (server#22355) - [stable19] SSE: make legacy format opt in (server#22381) - [stable19] Update the CRL (server#22387) - [stable19] Fix missing FN from federated contact (server#22400) - [stable19] fix event icon sizes and text alignment (server#22414) - [stable19] Bump stecman/symfony-console-completion from 0.8.0 to 0.11.0 (3rdparty#457) - [stable19] Add Guzzle's InvalidArgumentException (3rdparty#474) - [stable19] Doctrine: Fix unquoted stmt fragments backslash escaping (3rdparty#486) - [stable19] Fix cypress (viewer#545) - Move to webpack vue global config & bump deps (viewer#558) - Update to 19.0.1 - Security update Fix (CVE-2020-8183, NC-SA-2020-026, CWE-256) A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. - Update to 19.0.0 * Changes Nextcloud Hub v19, code name “home office”, represents a big step forward for remote collaboration in teams. This release brings document collaboration to video chats, introduces password-less login and improves performance. As this is a major release, the changelog is too long to put here. Users can look at github milestones to find what has been merged. A quick overview of what is new: - password-less authentication and many other security measures - Talk 9 with built-in office document editing courtesy of Collabora, a grid view & more - MUCH improved performance, Deck integration in Calendar, guest account groups and more! Moderate SUSE bug 1171572 SUSE bug 1171579 SUSE bug 1177346 CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25212: Fixed nfs getxattr kernel panic and memory overflow that could lead to crashes or privilege escalations (bsc#1176381). - CVE-2020-14381: Fixed inode life-time issue in futex handling (bsc#1176011). - CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206). - CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121). - CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990). - CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235 bnc#1176278). - CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176721). - CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722). - CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423). - CVE-2020-25284: The rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe (bnc#1176482). - CVE-2020-14386: Memory corruption in af_apcket can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bnc#1176069). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - Add de2b41be8fcc x86, vmlinux.lds: Page-align end of ..page_aligned sections - Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation reporting when VMX is not in use - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - amd-xgbe: Add a check for an skb in the timestamp path (git-fixes). - amd-xgbe: Add additional dynamic debug messages (git-fixes). - amd-xgbe: Add additional ethtool statistics (git-fixes). - amd-xgbe: Add ethtool show/set channels support (git-fixes). - amd-xgbe: Add ethtool show/set ring parameter support (git-fixes). - amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes). - amd-xgbe: Add hardware features debug output (git-fixes). - amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes). - amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes). - amd-xgbe: Add per queue Tx and Rx statistics (git-fixes). - amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes). - amd-xgbe: Always attempt link training in KR mode (git-fixes). - amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes). - amd-xgbe: Convert to generic power management (git-fixes). - amd-xgbe: Fix debug output of max channel counts (git-fixes). - amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes). - amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes). - amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes). - amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes). - amd-xgbe: Handle return code from software reset function (git-fixes). - amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes). - amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes). - amd-xgbe: Limit the I2C error messages that are output (git-fixes). - amd-xgbe: Mark expected switch fall-throughs (git-fixes). - amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes). - amd-xgbe: Prepare for ethtool set-channel support (git-fixes). - amd-xgbe: Prevent looping forever if timestamp update fails (git-fixes). - amd-xgbe: Read and save the port property registers during probe (git-fixes). - amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes). - amd-xgbe: remove unnecessary conversion to bool (git-fixes). - amd-xgbe: Remove use of comm_owned field (git-fixes). - amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes). - amd-xgbe: Simplify the burst length settings (git-fixes). - amd-xgbe: Update the BelFuse quirk to support SGMII (git-fixes). - amd-xgbe: Update TSO packet statistics accuracy (git-fixes). - amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes). - amd-xgbe: use dma_mapping_error to check map errors (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (git-fixes). - amd-xgbe: Use the proper register during PTP initialization (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_&lt;level> uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions for tag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc->mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers: net: add missing interrupt.h include (git-fixes). - drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout (git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - EDAC: Fix reference count leaks (bsc#1112178). - fbcon: prevent user font height or width change from causing (bsc#1112178) - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path (git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-binary.spec.in: Package the obj_install_dir as explicit filelist. - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a double free in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: 8390: Fix manufacturer name in Kconfig help text (git-fixes). - net: amd: fix return type of ndo_start_xmit function (git-fixes). - net/amd: Remove useless driver version (git-fixes). - net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes). - net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes). - net: apple: Fix manufacturer name in Kconfig help text (git-fixes). - net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQS fields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include &lt;asm/nmi.h> header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - Revert 'ALSA: hda: Add support for Loongson 7A1000 controller' (git-fixes). - Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes). - stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - usb: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - usb: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - usb: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - usb: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - usb: gadget: u_f: add overflow checks to VLA macros (git-fixes). - usb: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - usb: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes). - usb: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - usb: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - usb: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - usb: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - usb: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - usb: serial: option: support dynamic Quectel USB compositions (git-fixes). - usb: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - usb: uas: Add quirk for PNY Pro Elite (git-fixes). - usb: UAS: fix disconnect by unplugging a hub (git-fixes). - usb: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xgbe: no need to check return value of debugfs_create functions (git-fixes). - xgbe: switch to more generic VxLAN detection (git-fixes). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Important SUSE bug 1055186 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1094244 SUSE bug 1112178 SUSE bug 1113956 SUSE bug 1154366 SUSE bug 1167527 SUSE bug 1168468 SUSE bug 1169972 SUSE bug 1171675 SUSE bug 1171688 SUSE bug 1171742 SUSE bug 1173115 SUSE bug 1174899 SUSE bug 1175228 SUSE bug 1175749 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176022 SUSE bug 1176038 SUSE bug 1176069 SUSE bug 1176235 SUSE bug 1176242 SUSE bug 1176278 SUSE bug 1176316 SUSE bug 1176317 SUSE bug 1176318 SUSE bug 1176319 SUSE bug 1176320 SUSE bug 1176321 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176507 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176659 SUSE bug 1176698 SUSE bug 1176699 SUSE bug 1176700 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176788 SUSE bug 1176789 SUSE bug 1176869 SUSE bug 1176877 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176962 SUSE bug 1176966 SUSE bug 1176990 SUSE bug 1177030 SUSE bug 1177041 SUSE bug 1177042 SUSE bug 1177043 SUSE bug 1177044 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177258 SUSE bug 1177291 SUSE bug 1177293 SUSE bug 1177294 SUSE bug 1177295 SUSE bug 1177296 SUSE bug 962356 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14386 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1161335 SUSE bug 1176625 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160571 CVE-2019-5188 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for icingaweb2 fixes the following issues: - icingaweb2 was updated to 2.7.4 * CVE-2020-24368: Fixed a path Traversal which could have allowed an attacker to access arbitrary files which are readable by the process running (boo#1175530). Important SUSE bug 1175530 CVE-2020-24368 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin fixes the following issues: - phpMyAdmin was updated to 4.9.6 * CVE-2020-26934: Fixed an XSS relating to the transformation feature (boo#1177561). * CVE-2020-26935: Fixed an SQL injection in SearchController (boo#1177562). Important SUSE bug 1177561 SUSE bug 1177562 CVE-2020-26934 CVE-2020-26935 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1172186 CVE-2020-8165 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-12351: A type confusion while processing AMP packets could be used by physical close attackers to crash the kernel or potentially execute code was fixed (bsc#1177724). - CVE-2020-12352: A stack information leak when handling certain AMP packets could be used by physical close attackers to leak information from the kernel was fixed (bsc#1177725). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381). - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511). The following non-security bugs were fixed: - 59c7c3caaaf8 ('nvme: fix possible hang when ns scanning fails during error recovery') - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - drm/sun4i: mixer: Extend regmap max_register (git-fixes). - ea43d9709f72 ('nvme: fix identify error status silent ignore') - i2c: meson: fix clock setting overwrite (git-fixes). - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400). - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes). - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes). - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685). - mmc: core: do not set limits.discard_granularity as 0 (git-fixes). - nvme-multipath: do not reset on unknown status (bsc#1174748). - nvme-rdma: Avoid double freeing of async event data (bsc#1174748). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748). - nvme: Namepace identification descriptor list is optional (bsc#1174748). - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748). - nvme: fix possible io failures when removing multipathed ns (bsc#1174748). - nvme: make nvme_identify_ns propagate errors back (bsc#1174748). - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748). - nvme: pass status to nvme_error_status (bsc#1174748). - nvme: return error from nvme_alloc_ns() (bsc#1174748). - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729). - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683). - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683). - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683). - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683). - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683). - scsi: hisi_sas: Do some more tidy-up (bsc#1140683). - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683). - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh: - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update: - scsi: hisi_sas: Some misc tidy-up (bsc#1140683). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538). Important SUSE bug 1065729 SUSE bug 1140683 SUSE bug 1172538 SUSE bug 1174748 SUSE bug 1175520 SUSE bug 1176381 SUSE bug 1176400 SUSE bug 1176946 SUSE bug 1177340 SUSE bug 1177511 SUSE bug 1177685 SUSE bug 1177724 SUSE bug 1177725 CVE-2020-12351 CVE-2020-12352 CVE-2020-25212 CVE-2020-25645 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pdns-recursor fixes the following issues: -pdns-recursorwas updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383) - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302). Important SUSE bug 1173302 SUSE bug 1177383 CVE-2020-14196 CVE-2020-25829 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for crmsh fixes the following issues: - Fixed start_delay with start-delay(bsc#1176569) - fix on_fail should be on-fail(bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default(bsc#1163581) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1163581 SUSE bug 1176569 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159861 SUSE bug 1160369 SUSE bug 1161194 CVE-2019-19948 CVE-2019-19949 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>. - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1100369 SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1128220 SUSE bug 1156205 SUSE bug 1157051 SUSE bug 1161168 SUSE bug 1170667 SUSE bug 1170713 SUSE bug 1171313 SUSE bug 1171740 SUSE bug 1172958 SUSE bug 1173307 SUSE bug 1173311 SUSE bug 1173983 SUSE bug 1175443 SUSE bug 1176092 SUSE bug 1176674 SUSE bug 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: -chromium was updated to 86.0.4240.75 (boo#1177408): - CVE-2020-15967: Fixed Use after free in payments. - CVE-2020-15968: Fixed Use after free in Blink. - CVE-2020-15969: Fixed Use after free in WebRTC. - CVE-2020-15970: Fixed Use after free in NFC. - CVE-2020-15971: Fixed Use after free in printing. - CVE-2020-15972: Fixed Use after free in audio. - CVE-2020-15990: Fixed Use after free in autofill. - CVE-2020-15991: Fixed Use after free in password manager. - CVE-2020-15973: Fixed Insufficient policy enforcement in extensions. - CVE-2020-15974: Fixed Integer overflow in Blink. - CVE-2020-15975: Fixed Integer overflow in SwiftShader. - CVE-2020-15976: Fixed Use after free in WebXR. - CVE-2020-6557: Fixed Inappropriate implementation in networking. - CVE-2020-15977: Fixed Insufficient data validation in dialogs. - CVE-2020-15978: Fixed Insufficient data validation in navigation. - CVE-2020-15979: Fixed Inappropriate implementation in V8. - CVE-2020-15980: Fixed Insufficient policy enforcement in Intents. - CVE-2020-15981: Fixed Out of bounds read in audio. - CVE-2020-15982: Fixed Side-channel information leakage in cache. - CVE-2020-15983: Fixed Insufficient data validation in webUI. - CVE-2020-15984: Fixed Insufficient policy enforcement in Omnibox. - CVE-2020-15985: Fixed Inappropriate implementation in Blink. - CVE-2020-15986: Fixed Integer overflow in media. - CVE-2020-15987: Fixed Use after free in WebRTC. - CVE-2020-15992: Fixed Insufficient policy enforcement in networking. - CVE-2020-15988: Fixed Insufficient policy enforcement in downloads. - CVE-2020-15989: Fixed Uninitialized Use in PDFium. Critical SUSE bug 1177408 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-6557 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: opera was updated to version 71.0.3770.228 - DNA-87466 Hide extensions icon is black in dark theme - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL - DNA-88693 Random crash in SmartFilesBrowserTest - DNA-88793 change VPN disclaimer modal layout - DNA-88799 Only active workspaces and active messengers should be listed in keyboard shortcuts settings - DNA-88838 add automatic VPN connection preference setting - DNA-88870 Align VPN popup to new design - DNA-88900 Turn off Tutorials in Opera GX – implementation - DNA-88931 Add info about channel and product (OPR, OPRGX) to rollout requests - DNA-88940 Allow continue-shopping|booking-host-override switch to handle host and path - DNA-88946 Auto-connect VPN after browser startup only for existing VPN users - DNA-89009 Change URL for search-suggestions - DNA-89021 Make RH test driver pack to a separate archive - DNA-89150 Unhardcode ‘From’ and ‘To’ strings in Advanced History Search - DNA-89175 Desktop without a flow paring should not initialize in browser startup Opera was updated to version 71.0.3770.198 - CHR-8106 Update chromium on desktop-stable-85-3770 to 85.0.4183.121 - DNA-85648 Reconnecting Flow with iOS is unstable - DNA-87130 Spinner is stretched instead of clipped - DNA-87989 In Find in Page, “No matches” doesn’t go away after deleting all text - DNA-88098 Data URLs entries should not open new tab after click on new history page - DNA-88267 Extra semicolon in Russian BABE translation - DNA-88312 [Win] Downloads file drag and drop doesn’t work in Opera - DNA-88363 Add premium extension functionality - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88611 Black font on a dark background in sync login dialog - DNA-88626 Disable #easy-files on desktop-stable-85-xxxx - DNA-88701 String “Type a shortcut” is hardcoded - DNA-88755 Crash at extensions::WebstoreOneClickInstallerUIImpl:: RemoveAllInfobarsExcept(opera::ExtensionInstallInfoBarDelegate*) - DNA-88797 Change ‘Register’ to ‘Tab’ in German - DNA-88851 [History][Resized window] Button and date input look bad - DNA-88958 Crash at net::`anonymous namespace”::Escape - The update to chromium 85.0.4183.121 fixes following issues: - CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15965, CVE-2020-15966, CVE-2020-15964 - Update to version 71.0.3770.148 - CHR-8091 Update chromium on desktop-stable-85-3770 to 85.0.4183.102 - DNA-87785 [Mac] “Alitools” text in extension toolbar overlaps Install button - DNA-87935 Make SSD smaller by 25% - DNA-87963 Hidden Avira extension in avira_2 edition - DNA-88015 [MyFlow] Desktop doesn’t show itself in devices list - DNA-88469 Add context menu options to configure shortcuts - DNA-88496 Define a/b test in ab_tests.json - DNA-88537 Don’t filter out hashes from feature reference groups coming from rollout - DNA-88580 Implement search_in_tabs telemetry benchmark - DNA-88604 [History panel] Search bar covers the “Clear browsing data” button - DNA-88619 String ‘Download complete’ is cut on download popup - DNA-88645 Remove option should not be available for last workspace - DNA-88718 [History panel] fix delete button overflow issue - The update to chromium 85.0.4183.102 fixes following issues: - CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959 - Complete Opera 71.0 changelog at: https://blogs.opera.com/desktop/changelog-for-71/ - Update to version 70.0.3728.144 - CHR-8057 Update chromium on desktop-stable-84-3728 to 84.0.4147.135 - DNA-88027 [Mac] Downloads icon disappears when downloads popup is shown - DNA-88204 Crash at opera::DownloadItemView::OnMousePressed (ui::MouseEvent const&) - The update to chromium 84.0.4147.135 fixes following issues: - CVE-2020-6556 Important CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-6556 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575 CVE-2020-6576 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hunspell fixes the following issues: - CVE-2019-16707: Fixed an invalid read in SuggestMgr:leftcommonsubstring (bsc#1151867). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1151867 CVE-2019-16707 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 86.0.4240.111 boo#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing. Important SUSE bug 1177936 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kleopatra fixes the following issues: - CVE-2020-24972: Add upstream patch to prevent potential arbitrary code execution (boo#1177932): Moderate SUSE bug 1177932 CVE-2020-24972 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176086 SUSE bug 1176181 SUSE bug 1176671 CVE-2020-24659 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pagure fixes the following issues: - CVE-2019-11556: Fixed XSS via the templates/blame.html blame view (boo#1176987) Moderate SUSE bug 1176987 CVE-2019-11556 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173786 SUSE bug 1177351 SUSE bug 1177352 CVE-2020-7069 CVE-2020-7070 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for singularity fixes the following issues: Update to new version 3.6.4: - CVE-2020-15229: Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create files on the host filesystem during the extraction of a crafted squashfs filesystem (boo#1177901). Important SUSE bug 1177901 CVE-2020-15229 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for lout fixes the following issues: - CVE-2019-19918: Fixed buffer overflow in srcnext() (boo#1159713). - CVE-2019-19917: Fixed buffer overflow in StringQuotedWord() (boo#1159714). Important SUSE bug 1159713 SUSE bug 1159714 CVE-2019-19917 CVE-2019-19918 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - qemu: Adjust max memlock on mdev hotplug (bsc#1177480). - Xen: Don't add dom0 twice on driver reload (bsc#1176430). - virdevmapper: Handle kernel without device-mapper support (bsc#1175465). - Fixed an issue where building was failing (bsc#1175574). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174955 SUSE bug 1175465 SUSE bug 1175574 SUSE bug 1176430 SUSE bug 1177155 SUSE bug 1177480 CVE-2020-15708 CVE-2020-25637 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird and mozilla-nspr fixes the following issues: - Mozilla Thunderbird 78.4 * new: MailExtensions: browser.tabs.sendMessage API added * new: MailExtensions: messageDisplayScripts API added * changed: Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * changed: MailExtensions: messageDisplay APIs extended to support multiple selected messages * changed: MailExtensions: compose.begin functions now support creating a message with attachments * fixed: Thunderbird could freeze when updating global search index * fixed: Multiple issues with handling of self-signed SSL certificates addressed * fixed: Recipient address fields in compose window could expand to fill all available space * fixed: Inserting emoji characters in message compose window caused unexpected behavior * fixed: Button to restore default folder icon color was not keyboard accessible * fixed: Various keyboard navigation fixes * fixed: Various color-related theme fixes * fixed: MailExtensions: Updating attachments with onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4 - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * Creating a new calendar event did not require an event title - Mozilla Thunderbird 78.3.2 (bsc#1176899) * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes - Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 Download origin spoofing via redirect * CVE-2020-15676 XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3 - update mozilla-nspr to version 4.25.1 * The macOS platform code for shared library loading was changed to support macOS 11. * Dependency needed for the MozillaThunderbird udpate This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1174230 SUSE bug 1176384 SUSE bug 1176756 SUSE bug 1176899 SUSE bug 1177977 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 CVE-2020-15683 CVE-2020-15969 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for binutils fixes the following issues: binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. - fix DT_NEEDED order with -flto [bsc#1163744] Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. - Add new subpackages for libctf and libctf-nobfd. - Disable LTO due to bsc#1163333. - Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078 - fix various build fails on aarch64 (PR25210, bsc#1157755). Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. - Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924 * Add xBPF target * Fix various problems with DWARF 5 support in gas * fix nm -B for objects compiled with -flto and -fcommon. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sane-backends fixes the following issues: sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues: - CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524) - CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524) - CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524) The upstream changelogs can be found here: - https://gitlab.com/sane-project/backends/-/releases/1.0.28 - https://gitlab.com/sane-project/backends/-/releases/1.0.29 - https://gitlab.com/sane-project/backends/-/releases/1.0.30 - https://gitlab.com/sane-project/backends/-/releases/1.0.31 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172524 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2 fixes the following issues: - Enables the patch for CVE-2020-11993 and CVE-2020-9490. The patch was included but not applied in the previous update. (bsc#1178074) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1178074 CVE-2020-11993 CVE-2020-9490 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.7 (boo#1177842): * Fix two factor authentication that was broken in 4.9.6 * Fix incompatibilities with older PHP versions Update to 4.9.6: - Fixed XSS relating to the transformation feature (boo#1177561 CVE-2020-26934, PMASA-2020-5) - Fixed SQL injection vulnerability in SearchController (boo#1177562 CVE-2020-26935, PMASA-2020-6) Update to 4.9.5: This is a security release containing several bug fixes. * CVE-2020-10804: SQL injection vulnerability in the user accounts page, particularly when changing a password (boo#1167335, PMASA-2020-2) * CVE-2020-10802: SQL injection vulnerability relating to the search feature (boo#1167336, PMASA-2020-3) * CVE-2020-10803: SQL injection and XSS having to do with displaying results (boo#1167337, PMASA-2020-4) * Removing of the 'options' field for the external transformation. Important SUSE bug 1167335 SUSE bug 1167336 SUSE bug 1167337 SUSE bug 1177561 SUSE bug 1177562 SUSE bug 1177842 CVE-2020-10802 CVE-2020-10803 CVE-2020-10804 CVE-2020-26934 CVE-2020-26935 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for icinga2 fixes the following issues: - Info that since version 2.12.0 following security issue is fixed: prepare-dirs script allows for symlink attack in the icinga user context. boo#1172171 (CVE-2020-14004) Update to 2.12.1: * Bugfixes + Core - Fix crashes during config update #8348 #8345 - Fix crash while removing a downtime #8228 - Ensure the daemon doesn't get killed by logrotate #8170 - Fix hangup during shutdown #8211 - Fix a deadlock in Icinga DB #8168 - Clean up zombie processes during reload #8376 - Reduce check latency #8276 + IDO - Prevent unnecessary IDO updates #8327 #8320 - Commit IDO MySQL transactions earlier #8349 - Make sure to insert IDO program status #8330 - Improve IDO queue stats logging #8271 #8328 #8379 + Misc - Ensure API connections are closed properly #8293 - Prevent unnecessary notifications #8299 - Don't skip null values of command arguments #8174 - Fix Windows .exe version #8234 - Reset Icinga check warning after successful config update #8189 Update to 2.12.0: * Breaking changes - Deprecate Windows plugins in favor of our - PowerShell plugins #8071 - Deprecate Livestatus #8051 - Refuse acknowledging an already acknowledged checkable #7695 - Config lexer: complain on EOF in heredocs, i.e. {{{abc<EOF> #7541 * Enhancements + Core - Implement new database backend: Icinga DB #7571 - Re-send notifications previously suppressed by their time periods #7816 + API - Host/Service: Add acknowledgement_last_change and next_update attributes #7881 #7534 - Improve error message for POST queries #7681 - /v1/actions/remove-comment: let users specify themselves #7646 - /v1/actions/remove-downtime: let users specify themselves #7645 - /v1/config/stages: Add 'activate' parameter #7535 + CLI - Add pki verify command for better TLS certificate troubleshooting #7843 - Add OpenSSL version to 'Build' section in --version #7833 - Improve experience with 'Node Setup for Agents/Satellite' #7835 + DSL - Add get_template() and get_templates() #7632 - MacroProcessor::ResolveArguments(): skip null argument values #7567 - Fix crash due to dependency apply rule with ignore_on_error and non-existing parent #7538 - Introduce ternary operator (x ? y : z) #7442 - LegacyTimePeriod: support specifying seconds #7439 - Add support for Lambda Closures (() use(x) => x and () use(x) => { return x }) #7417 + ITL - Add notemp parameter to oracle health #7748 - Add extended checks options to snmp-interface command template #7602 - Add file age check for Windows command definition #7540 + Docs - Development: Update debugging instructions #7867 - Add new API clients #7859 - Clarify CRITICAL vs. UNKNOWN #7665 - Explicitly explain how to disable freshness checks #7664 - Update installation for RHEL/CentOS 8 and SLES 15 #7640 - Add Powershell example to validate the certificate #7603 + Misc - Don't send event::Heartbeat to unauthenticated peers #7747 - OpenTsdbWriter: Add custom tag support #7357 * Bugfixes + Core - Fix JSON-RPC crashes #7532 #7737 - Fix zone definitions in zones #7546 - Fix deadlock during start on OpenBSD #7739 - Consider PENDING not a problem #7685 - Fix zombie processes after reload #7606 - Don't wait for checks to finish during reload #7894 + Cluster - Fix segfault during heartbeat timeout with clients not yet signed #7970 - Make the config update process mutually exclusive (Prevents file system race conditions) #7936 - Fix check_timeout not being forwarded to agent command endpoints #7861 - Config sync: Use a more friendly message when configs are equal and don't need a reload #7811 - Fix open connections when agent waits for CA approval #7686 - Consider a JsonRpcConnection alive on a single byte of TLS payload, not only on a whole message #7836 - Send JsonRpcConnection heartbeat every 20s instead of 10s #8102 - Use JsonRpcConnection heartbeat only to update connection liveness (m_Seen) #8142 - Fix TLS context not being updated on signed certificate messages on agents #7654 + API - Close connections w/o successful TLS handshakes after 10s #7809 - Handle permission exceptions soon enough, returning 404 #7528 + SELinux - Fix safe-reload #7858 - Allow direct SMTP notifications #7749 + Windows - Terminate check processes with UNKNOWN state on timeout #7788 - Ensure that log replay files are properly renamed #7767 + Metrics - Graphite/OpenTSDB: Ensure that reconnect failure is detected #7765 - Always send 0 as value for thresholds #7696 + Scripts - Fix notification scripts to stay compatible with Dash #7706 - Fix bash line continuation in mail-host-notification.sh #7701 - Fix notification scripts string comparison #7647 - Service and host mail-notifications: Add line-breaks to very long output #6822 - Set correct UTF-8 email subject header (RFC1342) #6369 + Misc - DSL: Fix segfault due to passing null as custom function to Array#{sort,map,reduce,filter,any,all}() #8053 - CLI: pki save-cert: allow to specify --key and --cert for backwards compatibility #7995 - Catch exception when trusted cert is not readable during node setup on agent/satellite #7838 - CheckCommand ssl: Fix wrong parameter -N #7741 - Code quality fixes - Small documentation fixes - Update to 2.11.5 Version 2.11.5 fixes file system race conditions in the config update process occurring in large HA environments and improves the cluster connection liveness mechanisms. * Bugfixes + Make the config update process mutually exclusive (Prevents file system race conditions) #8093 + Consider a JsonRpcConnection alive on a single byte of TLS payload, not only on a whole message #8094 + Send JsonRpcConnection heartbeat every 20s instead of 10s #8103 + Use JsonRpcConnection heartbeat only to update connection liveness (m_Seen) #8097 - Update to 2.11.4 Version 2.11.4 fixes a crash during a heartbeat timeout with clients not yet signed. It also resolves an issue with endpoints not reconnecting after a reload/deploy, which caused a lot of UNKNOWN states. * Bugfixes + Cluster - Fix segfault during heartbeat timeout with clients not yet signed #7997 - Fix endpoints not reconnecting after reload (UNKNOWN hosts/services after reload) #8043 + Setup - Fix exception on trusted cert not readable during node setup #8044 - prepare-dirs: Only set permissions during directory creation #8046 + DSL - Fix segfault on missing compare function in Array functions (sort, map, reduce, filter, any, all) #8054 - Update to 2.11.3 * Bugfixes - Cluster Fix JSON-RPC crashes (#7532) in large environments: #7846 #7848 #7849 - Set minimum require boost version to 1.66 - Fix boo#1159869 Permission error when use the icinga cli wizard. - BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Aloow OBS to shortcut through the -mini flavors. - Update to 2.11.2 This release fixes a problem where the newly introduced config sync 'check-change-then-reload' functionality could cause endless reload loops with agents. The most visible parts are failing command endpoint checks with 'not connected' UNKNOWN state. Only applies to HA enabled zones with 2 masters and/or 2 satellites. * Bugfixes - Cluster Config Sync - Config sync checksum change detection may not work within high load HA clusters #7565 - Update to 2.11.1 This release fixes a hidden long lasting bug unveiled with 2.11 and distributed setups. If you are affected by agents/satellites not accepting configuration anymore, or not reloading, please upgrade. * Bugfixes - Cluster Config Sync - Never accept authoritative config markers from other instances #7552 - This affects setups where agent/satellites are newer than the config master, e.g. satellite/agent=2.11.0, master=2.10. - Configuration - Error message for command_endpoint should hint that zone is not set #7514 - Global variable 'ActiveStageOverride' has been set implicitly via 'ActiveStageOverride ... #7521 * Documentation - Docs: Add upgrading/troubleshooting details for repos, config sync, agents #7526 - Explain repository requirements for 2.11: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#added-boost-166 - command_endpoint objects require a zone: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#agent-hosts-with-command-endpoint-require-a-zone - Zones declared in zones.d are not loaded anymore: https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#config-sync-zones-in-zones - Update to 2.11.0 * Core - Rewrite Network Stack (cluster, REST API) based on Boost Asio, Beast, Coroutines - Technical concept: #7041 - Requires package updates: Boost >1.66 (either from packages.icinga.com, EPEL or backports). SLES11 & Ubuntu 14 are EOL. - Require TLS 1.2 and harden default cipher list - Improved Reload Handling (umbrella process, now 3 processes at runtime) - Support running Icinga 2 in (Docker) containers natively in foreground - Quality: Use Modern JSON for C++ library instead of YAJL (dead project) - Quality: Improve handling of invalid UTF8 strings * API - Fix crashes on Linux, Unix and Windows from Nessus scans #7431 - Locks and stalled waits are fixed with the core rewrite in #7071 - schedule-downtime action supports all_services for host downtimes - Improve storage handling for runtime created objects in the _api package * Cluster - HA aware features & improvements for failover handling #2941 #7062 - Improve cluster config sync with staging #6716 - Fixed that same downtime/comment objects would be synced again in a cluster loop #7198 * Checks & Notifications - Ensure that notifications during a restart are sent - Immediately notify about a problem after leaving a downtime and still NOT-OK - Improve reload handling and wait for features/metrics - Store notification command results and sync them in HA enabled zones #6722 * DSL/Configuration - Add getenv() function - Fix TimePeriod range support over midnight - concurrent_checks in the Checker feature has no effect, use the global MaxConcurrentChecks constant instead * CLI - Permissions: node wizard/setup, feature, api setup now run in the Icinga user context, not root - ca list shows pending CSRs by default, ca remove/restore allow to delete signing requests * ITL - Add new commands and missing attributes * Windows - Update bundled NSClient++ to 0.5.2.39 - Refine agent setup wizard & update requirements to .NET 4.6 * Documentation - Service Monitoring: How to create plugins by example, check commands and a modern version of the supported plugin API with best practices - Features: Better structure on metrics, and supported features - Technical Concepts: TLS Network IO, Cluster Feature HA, Cluster Config Sync - Development: Rewritten for better debugging and development experience for contributors including a style guide. Add nightly build setup instructions. - Packaging: INSTALL.md was integrated into the Development chapter, being available at https://icinga.com/docs too. - Update to 2.10.6 * Bugfixes - Fix el7 not loading ECDHE cipher suites #7247 - update to 2.10.5 * Core - Fix crashes with logrotate signals #6737 (thanks Elias Ohm) * API - Fix crashes and problems with permission filters from recent Namespace introduction #6785 (thanks Elias Ohm) #6874 (backported from 2.11) - Reduce log spam with locked connections (real fix is the network stack rewrite in 2.11) #6877 * Cluster - Fix problems with replay log rotation and storage #6932 (thanks Peter Eckel) * IDO DB - Fix that reload shutdown deactivates hosts and hostgroups (introduced in 2.9) #7157 * Documentation - Improve the REST API chapter: Unix timestamp handling, filters, unify POST requests with filters in the body - Better layout for the features chapter, specifically metrics and events - Split object types into monitoring, runtime, features - Add technical concepts for cluster messages Moderate SUSE bug 1159869 SUSE bug 1172171 SUSE bug 1174075 CVE-2020-14004 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for claws-mail fixes the following issues: - Additional cleanup of the template handling claws-mail was updated to 3.17.8 (boo#1177967) * Shielded template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands * bug fixes: claws#4376 * updated English, French, and Spanish manuals - Update to 3.17.7 * Image Viewer: Image attachments, when displayed, are now resized to fit the available width rather than the available height. * -d is now an alias to --debug. * Libravatar plugin: New styles supported: Robohash and Pagan. * SpamAssassin plugin: The 'Maximum size' option now matches SpamAssassin's maximum; it can now handle messages up to 256MB. * LiteHTML viewer plugin: The UI is now translatable. Bug fixes: * bug 4313, 'Recursion stack overflow with rebuilding folder tree' * bug 4372, '[pl_PL] Crash after 'Send later' without recipient and then 'Close'' * bug 4373, 'attach mailto URI double free' * bug 4374, 'insert mailto URI misses checks' * bug 4384, 'U+00AD (soft hyphen) changed to space in Subject' * bug 4386, 'Allow Sieve config without userid without warning' * Add missing SSL settings when cloning accounts. * Parsing of command-line arguments. * PGP Core plugin: fix segv in address completion with a keyring. * Libravatar plugin: fixes to image display. - Disable python-gtk plugin on suse_version > 1500: still relying on python2, which is EOL. - Update to 3.17.6: * It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. * A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL). * The progress window when importing an mbox file is now more responsive. * A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled. * Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3. Bug fixes: * bug 3922, 'minimize to tray on startup not working' * bug 4220, 'generates files in cache without content' * bug 4325, 'Following redirects when retrieving image' * bug 4342, 'Import mbox file command doesn't work twice on a row' * fix STARTTLS protocol violation * fix initial debug line * fix fat-fingered crash when v (hiding msgview) is pressed just before c (check signature) * fix non-translation of some Templates strings - Update to 3.17.5 + Inline Git patches now have colour syntax highlighting The colours of these, and patch attachments, are configurable on the 'Other' tab of the Display/Colors page of the general preferences. + The previously hidden preference, 'summary_from_show', is now configurable within the UI, on the 'Message List' tab of the Display/Summaries page of the general preferences, 'Displayed in From column [ ]'. + 'Re-edit' has been added to the message context menu when in the Drafts folder. + Additional Date header formats are supported: - weekday, month, day, hh, mm, ss, year, zone - weekday, month, day, hh, mm, ss, year + LiteHtml viewer plugin: scrolling with the keyboard has been implemented. + The included tools/scripts have been updated: - eud2gc.py converted to Python 3 - tbird2claws.py converted to Python 3 - tbird2claws.py converted to Python 3 - google_search.pl has been replaced with ddg_search.pl (that is, duckduckgo.com instead of google.com) - fix_date.sh and its documentation have been updated - multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google' has been replaced by 'ddg' - the outdated OOo2claws-mail.pl script has been removed + Updated manuals + Updated translations: British English, Catalan, Czech, Danish, Dutch, French, German, Russian, Slovak, Spanish, Swedish, Traditional Chinese, Turkish + bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, claws#4253, claws#4257, claws#4277, claws#4278, claws#4305 + Misc bugs fixed: - Fix crash in litehtml_viewer when tag has no href - removed 'The following file has been attached...' dialogue - MBOX import: give a better estimation of the time left and grey out widgets while importing - Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate before terminating nul copying as many bytes from a string as its length' - RSSyl: Fix handling deleted feed items where modified and published dates do not match - fix bolding of target folder - when creating a new account, don't pre-fill data from the default account - respect 'default selection' settings when moving a msg with manual filtering - Fix printing of empty pages when the selected part is rendered with a plugin not implementing print - Addressbook folder selection dialogs: make sure folder list is sorted and apply global prefs to get stripes in lists. - when user cancels the GPG signing passphrase dialogue, don't bother the user with an 'error' dialogue - Fix imap keyword search. Libetpan assumes keyword search is a MUST but RFC states it is a MAY. Fix advanced search on MS Exchange - fix SHIFT+SPACE in msg list, moving in reverse - revert pasting images as attachments - Fix help about command-line arguments that require a parameter. - Printing: only print as plain text if the part is of type text - fix a segfault with default info icon when trying to print a non-text part. - Add a test on build-time libetpan version to require the proper version at run-time (boo#1157594) - Move 'Mark all read/unread' menu entries where they belong. remove-MarkAll-from-message-menu.patch (claws#4278) add-MarkAll-to-folder-menu.patch (claws#4278) - Make litehtml plugin build on Tumbleweed. - Update to 3.17.4: * New HTML viewer plugin: Litehtml viewer * Added option 'Enable keyboard shortcuts' to the 'Keyboard shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous * Compose: implemented copying of attached images to clipboard * Compose: images and text/uri-list (files) can now be attached by pasting into the Compose window * Python plugin: window sizes are now remembered for the Python console, the 'Open URLs' and the 'Set mailbox order' windows. * Fancy plugin: the download-link feature now follows redirections * MBOX export: the Enter key in the dialogue now starts the export * The date (ISO format) has been added to log timestamps * Update translations - bug 1920, 'No automatic NNTP filtering' - bug 2045, 'address book blocks focus on email window' - bug 2131, 'Focus stealing after mail check' - bug 2627, 'Filtering does not work on NNTP' - bug 3070, 'misbehaving text wrapping when URL chars are present' - bug 3838, 'Canceled right-click on message list leaves UI in inconsistent state' - bug 3977, 'Fix crashes when some external APIs fail' - bug 3979, 'Hang (with killing needed) during action which extracts attachments' - bug 4029, 'segfault after deleting message in a window' - bug 4031, 'fingerprint in SSL/TLS certificates for ... (regress error)' - bug 4037, 'Fix some small issues' - bug 4142, 'Translation error on Russian' - bug 4145, 'proxy server for sending doesn't work' - bug 4155, 'remember directory of last saving' - bug 4166, 'corrupted double-linked list' - bug 4167, 'Max line length exceeded when forwarding mail' - bug 4188, 'STL file is sent not as an attachment but as its base64 representation in plaintext' - CID 1442278, 'impossible to trigger buffer overflow' - Make key accelerators from menu work in addressbook window - save checkbox choices of display/summaries/defaults prefs - Do not throw an error when cancelling 'Save email as...'. - occasional crash on drag'n'drop of msgs - possible stack overflow in vcalendar's Curl data handler - crash when LDAP address source is defined in index, but - support is disabled - crash in Fancy plugin if one of the MIME parts has no - -ID - a few small memory leaks in scan_mailto_url() - configure script for rare cases where python is not installed - incorrect charset conversion in sc_html_read_line(). - markup in 'key not fully trusted' warning in pgpcore - use after free in rare code path in rssyl_subscribe() - several memory leaks - verify_folderlist_xml() for fresh starts - printf formats for size_t and goffset arguments. - alertpanel API use in win32 part of mimeview.c - pid handling in debug output of kill_children_cb() - incorrect pointer arithmetic in w32_filesel.c Moderate SUSE bug 1157594 SUSE bug 1177967 CVE-2020-15917 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pacemaker fixes the following issues: - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate (bsc#1175557) - extra: remove trailing whitespace from agent code - extra: update agent boilerplate (copyright/license notices) - extra: use 4-space indents in resource agent code - extra: use ':=' where appropriate in agent code - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - move bcond_with/without up front for e.g. pcmk_release - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - rpm: add spec option for enabling CIB secrets - rpm: put user-configurable items at top of spec - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1167171 SUSE bug 1173668 SUSE bug 1175557 SUSE bug 1177916 CVE-2020-25654 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 86.0.4240.183 boo#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows. Important SUSE bug 1178375 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tmux fixes the following issues: - Update to version 3.1c * Fix a stack overflow on colon-separated CSI parsing. boo#1178263 CVE-2020-27347 - tmux 3.1b: * Fix crash when allow-rename ison and an empty name is set - tmux 3.1a: * Do not close stdout prematurely in control mode since it is needed to print exit messages. Prevents hanging when detaching with iTerm2 - includes changes between 3.1-rc1 and 3.1: * Only search the visible part of the history when marking (highlighting) search terms. This is much faster than searching the whole history and solves problems with large histories. The count of matches shown is now the visible matches rather than all matches * Search using regular expressions in copy mode. search-forward and search-backward use regular expressions by default; the incremental versions do not * Turn off mouse mode 1003 as well as the rest when exiting * Add selection_active format for when the selection is present but not moving with the cursor * Fix dragging with modifier keys, so binding keys such as C-MouseDrag1Pane and C-MouseDragEnd1Pane now work * Add -a to list-keys to also list keys without notes with -N * Do not jump to next word end if already on a word end when selecting a word; fixes select-word with single character words and vi(1) keys * Fix top and bottom pane calculation with pane border status enabled - Update to v3.1-rc * Please see the included CHANGES file - Fix tmux completion - Update to v3.0a * A lot of changes since v2.9a, please see the included CHANGES file. - Update to v2.9a - Fix bugs in select-pane and the main-horizontal and main-vertical layouts. - Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap 15.1), the lack of a trailing newline appears to cause the directory to not be created. This is only evident on setups where /run is an actual tmpfs (on btrfs-root installs, /run is a btrfs subvolume and thus /run/tmux is persistent across reboots). - Update to version 2.9 * Add format variables for the default formats in the various modes (tree_mode_format and so on) and add a -a flag to display-message to list variables with values. * Add a -v flag to display-message to show verbose messages as the format is parsed, this allows formats to be debugged * Add support for HPA (\033[`). * Add support for origin mode (\033[?6h). * No longer clear history on RIS. * Extend the #[] style syntax and use that together with previous format changes to allow the status line to be entirely configured with a single option. * Add E: and T: format modifiers to expand a format twice (useful to expand the value of an option). * The individual -fg, -bg and -attr options have been removed; they were superseded by -style options in tmux 1.9. * Add -b to display-panes like run-shell. * Handle UTF-8 in word-separators option. * New 'terminal' colour allowing options to use the terminal default colour rather than inheriting the default from a parent option. * Do not move the cursor in copy mode when the mouse wheel is used. * Use the same working directory rules for jobs as new windows rather than always starting in the user's home. * Allow panes to be one line or column in size. * Go to last line when goto-line number is out of range in copy mode. * Yank previously cut text if any with C-y in the command prompt, only use the buffer if no text has been cut. * Add q: format modifier to quote shell special characters. * Add -Z to find-window. * Support for windows larger than the client. This adds two new options, window-size and default-size, and a new command, resize-window. The force-width and force-height options and the session_width and session_height formats have been removed. - update to 2.8 - move bash-completion to right place * Make display-panes block the client until a pane is chosen or it times out. * Clear history on RIS like most other terminals do. * Add an 'Any' key to run a command if a key is pressed that is not bound in the current key table. * Expand formats in load-buffer and save-buffer. * Add a rectangle_toggle format. * Add set-hook -R to run a hook immediately. * Add pane focus hooks. * Allow any punctuation as separator for s/x/y not only /. * Improve resizing with the mouse (fix resizing the wrong pane in some layouts, and allow resizing multiple panes at the same time). * Allow , and } to be escaped in formats as #, and #}. * Add KRB5CCNAME to update-environment. * Change meaning of -c to display-message so the client is used if it matches the session given to -t. * Fixes to : form of SGR. * Add x and X to choose-tree to kill sessions, windows or panes. - Add bash completion for tmux - Update to 2.7 * Remove EVENT_* variables from environment on platforms where tmux uses them so they do not pass on to panes. * Fixed for hooks at server exit. * Remove SGR 10 (was equivalent to SGR 0 but no other terminal seems to do this). * Expand formats in window and session names. * Add -Z flag to choose-tree, choose-client, choose-buffer to automatically zoom the pane when the mode is entered and unzoom when it exits, assuming the pane is not already zoomed. This is now part of the default key bindings. * Add C-g to exit modes with emacs keys. * Add exit-empty option to exit server if no sessions (default = on) * Show if a filter is present in choose modes. * Add pipe-pane -I to to connect stdin of the child process. * Performance improvements for reflow. * Use RGB terminfo(5) capability to detect RGB colour terminals (the existing Tc extension remains unchanged). * Support for ISO colon-separated SGR sequences. * Add select-layout -E to spread panes out evenly (bound to E key). * Support wide characters properly when reflowing. * Pass PWD to new panes as a hint to shells, as well as calling chdir(). * Performance improvements for the various choose modes. * Only show first member of session groups in tree mode (-G flag to choose-tree to show all). * Support %else in config files to match %if * Fix 'kind' terminfo(5) capability to be S-Down not S-Up. * Add a box around the preview label in tree mode. * Show exit status and time in the remain-on-exit pane text * Correctly use pane-base-index in tree mode. * Change the allow-rename option default to off. * Support for xterm(1) title stack escape sequences * Correctly remove padding cells to fix a UTF-8 display problem - build from release tarball instead of source (drops automake dep) - Bash completion is now removed and provided by - cleanup specfile directory with tmpfiles.d functionality in /run/tmux Moderate SUSE bug 1037468 SUSE bug 1116887 SUSE bug 1120170 SUSE bug 1178263 CVE-2018-19387 CVE-2020-27347 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1146608 CVE-2019-14973 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) This update was imported from the SUSE:SLE-15-SP1:Update update project. Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1177582 CVE-2020-13943 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for transfig fixes the following issues: Security issue fixed: - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143650 CVE-2019-14275 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file (bsc#1140750). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1140750 CVE-2019-13314 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: - bsc#1177211 (CVE-2020-26116) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177211 CVE-2020-26116 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for salt fixes the following issues: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'. (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value. - Do not break package building for systemd OSes. - Drop wrong mock from chroot unit test. - Support systemd versions with dot. (bsc#1176294) - Fix for grains.test_core unit test. - Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024) - Several changes to virtualization: * Fix virt update when cpu and memory are changed. * Memory Tuning GSoC. * Properly fix memory setting regression in virt.update. * Expose libvirt on_reboot in virt states. - Support transactional systems (MicroOS). - zypperpkg module ignores retcode 104 for search(). (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987) - Invalidate file list cache when cache file modified time is in the future. (bsc#1176397) - Prevent import errors when running test_btrfs unit tests This update was imported from the SUSE:SLE-15-SP1:Update update project. Critical SUSE bug 1159670 SUSE bug 1175987 SUSE bug 1176024 SUSE bug 1176294 SUSE bug 1176397 SUSE bug 1177867 SUSE bug 1178319 SUSE bug 1178361 SUSE bug 1178362 SUSE bug 1178485 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312). - CVE-2020-1699: Fixed a information disclosure by improper URL checking (bsc#1161074). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1161074 SUSE bug 1161312 CVE-2020-1699 CVE-2020-1700 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sddm fixes the following issue: - Fix X not having access control on startup (boo#1177201, CVE-2020-28049). Moderate SUSE bug 1177201 CVE-2020-28049 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bluez fixes the following issues: - CVE-2020-27153: Fixed possible crash on disconnect (bsc#1177895). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177895 CVE-2020-27153 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark fixes the following issues: - Update to wireshark 3.2.7: * CVE-2020-25863: MIME Multipart dissector crash (bsc#1176908) * CVE-2020-25862: TCP dissector crash (bsc#1176909) * CVE-2020-25866: BLIP dissector crash (bsc#1176910) * CVE-2020-17498: Kafka dissector crash (bsc#1175204) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175204 SUSE bug 1176908 SUSE bug 1176909 SUSE bug 1176910 CVE-2020-17498 CVE-2020-25862 CVE-2020-25863 CVE-2020-25866 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for otrs fixes the following issues: - otrs was updated to 6.0.30 (OSA-2020-14 boo#1178434) - CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS). Moderate SUSE bug 1178434 CVE-2020-11022 CVE-2020-11023 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to version 80.0.3987.87 (boo#1162833). Security issues fixed: - CVE-2020-6381: Integer overflow in JavaScript (boo#1162833). - CVE-2020-6382: Type Confusion in JavaScript (boo#1162833). - CVE-2019-18197: Multiple vulnerabilities in XML (boo#1162833). - CVE-2019-19926: Inappropriate implementation in SQLite (boo#1162833). - CVE-2020-6385: Insufficient policy enforcement in storage (boo#1162833). - CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite (boo#1162833). - CVE-2020-6387: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6388: Out of bounds memory access in WebAudio (boo#1162833). - CVE-2020-6389: Out of bounds write in WebRTC (boo#1162833). - CVE-2020-6390: Out of bounds memory access in streams (boo#1162833). - CVE-2020-6391: Insufficient validation of untrusted input in Blink (boo#1162833). - CVE-2020-6392: Insufficient policy enforcement in extensions (boo#1162833). - CVE-2020-6393: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6394: Insufficient policy enforcement in Blink (boo#1162833). - CVE-2020-6395: Out of bounds read in JavaScript (boo#1162833). - CVE-2020-6396: Inappropriate implementation in Skia (boo#1162833). - CVE-2020-6397: Incorrect security UI in sharing (boo#1162833). - CVE-2020-6398: Uninitialized use in PDFium (boo#1162833). - CVE-2020-6399: Insufficient policy enforcement in AppCache (boo#1162833). - CVE-2020-6400: Inappropriate implementation in CORS (boo#1162833). - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6402: Insufficient policy enforcement in downloads (boo#1162833). - CVE-2020-6403: Incorrect security UI in Omnibox (boo#1162833). - CVE-2020-6404: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6405: Out of bounds read in SQLite (boo#1162833). - CVE-2020-6406: Use after free in audio (boo#1162833). - CVE-2019-19923: Out of bounds memory access in SQLite (boo#1162833). - CVE-2020-6408: Insufficient policy enforcement in CORS (boo#1162833). - CVE-2020-6409: Inappropriate implementation in Omnibox (boo#1162833). - CVE-2020-6410: Insufficient policy enforcement in navigation (boo#1162833). - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox (boo#1162833). - CVE-2020-6413: Inappropriate implementation in Blink (boo#1162833). - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing (boo#1162833). - CVE-2020-6415: Inappropriate implementation in JavaScript (boo#1162833). - CVE-2020-6416: Insufficient data validation in streams (boo#1162833). - CVE-2020-6417: Inappropriate implementation in installer (boo#1162833). Important SUSE bug 1162833 CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25668: Fixed concurrency use-after-free in con_font_op (bnc#1178123). - CVE-2020-25656: Fixed race condition in kbd code (bnc#1177766). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485). - CVE-2020-0430: In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176723). - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed verify permissions in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restrict energy meter to root access to avoid side channel attack (bsc#1170415). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - Add cherry-picked ids for already backported DRM radeon patches - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178). - Fix use after free in get_capset_info callback (git-fixes). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: handle broken union descriptors (git-fixes). - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - USB: serial: qcserial: fix altsetting probing (git-fixes). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11). - bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: do not set the full sync flag on the inode during page release (bsc#1177687). - btrfs: fix incorrect updating of log root tree (bsc#1177687). - btrfs: fix race between page release and a fast fsync (bsc#1177687). - btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687). - btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reduce contention on log trees when logging checksums (bsc#1177687). - btrfs: release old extent maps during page release (bsc#1177687). - btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687). - btrfs: remove root usage from can_overcommit (bsc#1131277). - btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687). - btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234). - ceph: map snapid to anonymous bdev ID (bsc#1178234). - ceph: promote to unsigned long long before shifting (bsc#1178187). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: ti: clockdomain: fix static checker warning (git-fixes). - coredump: fix crash when umh is disabled (bsc#1177753). - crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - crypto: ccp - fix error handling (git-fixes). - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes). - crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes). - crypto: omap-sham - fix digcnt register handling with export/import (git-fixes). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes). - device property: Do not clear secondary pointer for shared primary firmware node (git-fixes). - device property: Keep secondary firmware node secondary by type (git-fixes). - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/amdgpu: prevent double kfree ttm->sg (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/gma500: fix error check (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - leds: mt6323: move period calculation (git-fixes). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: omap3isp: Fix memleak in isp_probe (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: platform: fcp: Fix a reference count leak (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: s5p-mfc: Fix a reference count leak (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: tc358743: initialize variable (git-fixes). - media: ti-vpe: Fix a missing check and reference count leak (git-fixes). - media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: usbtv: Fix refcounting mixup (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mlx5 PPC ringsize workaround (bsc#1173432). - mlx5: remove support for ib_get_vector_affinity (bsc#1174748). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)). - mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)). - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - net/mlx5e: Take common TIR context settings into a function (bsc#1177740). - net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nl80211: fix non-split wiphy information (git-fixes). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - nvme: do not update disk info for multipathed device (bsc#1171558). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtl8xxxu: prevent potential memory leak (git-fixes). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - spi: fsl-espi: Only process interrupts for expected events (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271). - target-use-scsi_set_sense_information-helper-on-misc.patch: (bsc#1177719). - tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: fix cooldown mechanism (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: fbdev: sis: fix null ptr dereference (git-fixes). - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)). - x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: limit entries returned when counting fsmap records (git-fixes). Important SUSE bug 1055014 SUSE bug 1058115 SUSE bug 1061843 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066382 SUSE bug 1077428 SUSE bug 1112178 SUSE bug 1131277 SUSE bug 1134760 SUSE bug 1163592 SUSE bug 1167030 SUSE bug 1170415 SUSE bug 1171558 SUSE bug 1173432 SUSE bug 1174748 SUSE bug 1176354 SUSE bug 1176485 SUSE bug 1176560 SUSE bug 1176713 SUSE bug 1176723 SUSE bug 1176907 SUSE bug 1177086 SUSE bug 1177101 SUSE bug 1177271 SUSE bug 1177281 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177687 SUSE bug 1177719 SUSE bug 1177740 SUSE bug 1177749 SUSE bug 1177750 SUSE bug 1177753 SUSE bug 1177754 SUSE bug 1177755 SUSE bug 1177766 SUSE bug 1177855 SUSE bug 1177856 SUSE bug 1177861 SUSE bug 1178027 SUSE bug 1178123 SUSE bug 1178166 SUSE bug 1178185 SUSE bug 1178187 SUSE bug 1178188 SUSE bug 1178202 SUSE bug 1178234 SUSE bug 1178330 SUSE bug 936888 CVE-2020-0430 CVE-2020-14351 CVE-2020-16120 CVE-2020-25285 CVE-2020-25656 CVE-2020-25668 CVE-2020-8694 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176116 SUSE bug 1176256 SUSE bug 1176257 SUSE bug 1176258 SUSE bug 1176259 CVE-2020-15166 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160790 SUSE bug 1161088 SUSE bug 1161089 SUSE bug 1161670 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: - CVE-2020-27560: Fixed potential denial of service in OptimizeLayerFrames function in MagickCore/layer.c (bsc#1178067). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178067 CVE-2020-27560 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to 86.0.4240.198 (boo#1178703) - CVE-2020-16013: Inappropriate implementation in V8 - CVE-2020-16017: Use after free in site isolation Update to 86.0.4240.193 (boo#1178630) - CVE-2020-16016: Inappropriate implementation in base. Important SUSE bug 1178630 SUSE bug 1178703 CVE-2020-16013 CVE-2020-16016 CVE-2020-16017 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for u-boot fixes the following issues: CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1134157 SUSE bug 1134853 SUSE bug 1143463 SUSE bug 1143777 SUSE bug 1143817 SUSE bug 1143818 SUSE bug 1143819 SUSE bug 1143820 SUSE bug 1143821 SUSE bug 1143823 SUSE bug 1143824 SUSE bug 1143825 SUSE bug 1143827 SUSE bug 1143828 SUSE bug 1143830 SUSE bug 1143831 SUSE bug 1162198 SUSE bug 1167209 CVE-2019-11059 CVE-2019-11690 CVE-2019-13103 CVE-2019-14192 CVE-2019-14193 CVE-2019-14194 CVE-2019-14195 CVE-2019-14196 CVE-2019-14197 CVE-2019-14198 CVE-2019-14199 CVE-2019-14200 CVE-2019-14201 CVE-2019-14202 CVE-2019-14203 CVE-2019-14204 CVE-2020-10648 CVE-2020-8432 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Opera was updated to version 72.0.3815.320 - CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183 - DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions - DNA-89766 Address bar does not respond to actions - The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011 - Update to version 72.0.3815.200 - DNA-87150 Speed Dial tile can’t be dragged to proper place - DNA-89632 Improve hovering over icons - DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section - DNA-89791 Typo in Spanish - The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003 - Complete Opera 72.0 changelog at: https://blogs.opera.com/desktop/changelog-for-72/ - Update to version 71.0.3770.271 - DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool) - DNA-89177 Device update request should only be called when FCM token has changed - DNA-89186 Handle device expired case in all server calls - DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX - DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden - DNA-89298 Some elements of VPN popup are misaligned to design - DNA-89305 Crash after closing Downloads pop-up Important CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm_18_08 fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. (CVE-2020-12693, bsc#1172004). Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-12693.patch - Remove unneeded build dependency to postgresql-devel. Moderate SUSE bug 1172004 CVE-2020-12693 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tor fixes the following issues: Updating tor to a newer version in the respective codestream. - tor 0.3.5.12: * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741) * Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979) * Fix DoS defenses on bridges with a pluggable transport * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013) * CVE-2020-10593: circuit padding memory leak (boo#1167014) - tor 0.4.4.6 * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741) * Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979) * Fix logrotate to not fail when tor is stopped (boo#1164275) Important SUSE bug 1164275 SUSE bug 1167013 SUSE bug 1167014 SUSE bug 1173979 SUSE bug 1178741 CVE-2020-10592 CVE-2020-10593 CVE-2020-15572 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tcpdump fixes the following issues: - CVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178466 CVE-2020-8037 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.9-11 (October 2020 CPU, bsc#1177943) * New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Other changes + JDK-6532025: GIF reader throws misleading exception with truncated images + JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/ /PDialogTest.java needs update by removing an infinite loop + JDK-8022535: [TEST BUG] javax/swing/text/html/parser/ /Test8017492.java fails + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed + JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/ /CloseServerSocket.java fails intermittently with Address already in use + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8172404: Tools should warn if weak algorithms are used before restricting them + JDK-8193367: Annotated type variable bounds crash javac + JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset + JDK-8203026: java.rmi.NoSuchObjectException: no such object in table + JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called + JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass + JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout + JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java + JDK-8204963: javax.swing.border.TitledBorder has a memory leak + JDK-8204994: SA might fail to attach to process with 'Windbg Error: WaitForEvent failed' + JDK-8205534: Remove SymbolTable dependency from serviceability agent + JDK-8206309: Tier1 SA tests fail + JDK-8208281: java/nio/channels/ /AsynchronousSocketChannel/Basic.java timed out + JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 + JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect + JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! + JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful + JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout + JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 + JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC + JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java + JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ /ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code + JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 + JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack + JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests + JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds + JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout + JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 + JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject + JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test + JDK-8211694: JShell: Redeclared variable should be reset + JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent + JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest + JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 + JDK-8212807: tools/jar/multiRelease/Basic.java times out + JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) + JDK-8213214: Set -Djava.io.tmpdir= when running tests + JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found + JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes + JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface + JDK-8214074: Ghash optimization using AVX instructions + JDK-8214491: Upgrade to JLine 3.9.0 + JDK-8214797: TestJmapCoreMetaspace.java timed out + JDK-8215243: JShell tests failing intermitently with 'Problem cleaning up the following threads:' + JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed + JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) + JDK-8215438: jshell tool: Ctrl-D causes EOF + JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows + JDK-8216974: HttpConnection not returned to the pool after 204 response + JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time + JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8221658: aarch64: add necessary predicate for ubfx patterns + JDK-8221759: Crash when completing 'java.io.File.path' + JDK-8221918: runtime/SharedArchiveFile/serviceability/ /ReplaceCriticalClasses.java fails: Shared archive not found + JDK-8222074: Enhance auto vectorization for x86 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command + JDK-8223688: JShell: crash on the instantiation of raw anonymous class + JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error + JDK-8223940: Private key not supported by chosen signature algorithm + JDK-8224184: jshell got IOException at exiting with AIX + JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc + JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException + JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions + JDK-8226536: Catch OOM from deopt that fails rematerializing objects + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8227059: sun/security/tools/keytool/ /DefaultSignatureAlgorithm.java timed out + JDK-8227269: Slow class loading when running with JDWP + JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to 'exitValue = 6' + JDK-8228448: Jconsole can't connect to itself + JDK-8228967: Trust/Key store and SSL context utilities for tests + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8229815: Upgrade Jline to 3.12.1 + JDK-8230000: some httpclients testng tests run zero test + JDK-8230002: javax/xml/jaxp/unittest/transform/ /SecureProcessingTest.java runs zero test + JDK-8230010: Remove jdk8037819/BasicTest1.java + JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter + JDK-8230402: Allocation of compile task fails with assert: 'Leaking compilation tasks?' + JDK-8230767: FlightRecorderListener returns null recording + JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231586: enlarge encoding space for OopMapValue offsets + JDK-8231953: Wrong assumption in assertion in oop::register_oop + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232083: Minimal VM is broken after JDK-8231586 + JDK-8232161: Align some one-way conversion in MS950 charset with Windows + JDK-8232855: jshell missing word in /help help + JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration + JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + JDK-8233386: Initialize NULL fields for unused decorations + JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result + JDK-8233686: XML transformer uses excessive amount of memory + JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions + JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment + JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose + JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + JDK-8234058: runtime/CompressedOops/ /CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr + JDK-8234149: Several regression tests do not dispose Frame at end + JDK-8234347: 'Turkey' meta time zone does not generate composed localized names + JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/ /bug6980209.java fails in linux nightly + JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC + JDK-8234541: C1 emits an empty message when it inlines successfully + JDK-8234687: change javap reporting on unknown attributes + JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11 + JDK-8236548: Localized time zone name inconsistency between English and other locales + JDK-8236617: jtreg test containers/docker/ /TestMemoryAwareness.java fails after 8226575 + JDK-8237182: Update copyright header for shenandoah and epsilon files + JDK-8237888: security/infra/java/security/cert/ /CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval + JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java + JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response + JDK-8238284: [macos] Zero VM build fails due to an obvious typo + JDK-8238380: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code + JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), 'should be non-static concrete method'); + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8240169: javadoc fails to link to non-modular api docs + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8240360: NativeLibraryEvent has wrong library name on Linux + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException + JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector + JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark + JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME + JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8242184: CRL generation error with RSASSA-PSS + JDK-8242283: Can't start JVM when java home path includes non-ASCII character + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8243029: Rewrite javax/net/ssl/compatibility/ /Compatibility.java with a flexible interop test framework + JDK-8243138: Enhance BaseLdapServer to support starttls extended request + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8243389: enhance os::pd_print_cpu_info on linux + JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment + JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) + JDK-8244087: 2020-04-24 public suffix list update + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base + JDK-8244196: adjust output in os_linux + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8244287: JFR: Methods samples have line number 0 + JDK-8244703: 'platform encoding not initialized' exceptions with debugger, JNI + JDK-8244719: CTW: C2 compilation fails with 'assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it' + JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb + JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8245151: jarsigner should not raise duplicate warnings on verification + JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 + JDK-8245714: 'Bad graph detected in build_loop_late' when loads are pinned on loop limit check uncommon branch + JDK-8245801: StressRecompilation triggers assert 'redundunt OSR recompilation detected. memory leak in CodeCache!' + JDK-8245832: JDK build make-static-libs should build all JDK libraries + JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan + JDK-8245981: Upgrade to jQuery 3.5.1 + JDK-8246027: Minimal fastdebug build broken after JDK-8245801 + JDK-8246094: [macos] Sound Recording and playback is not working + JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError + JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN + JDK-8246330: Add TLS Tests for Legacy ECDSA curves + JDK-8246453: TestClone crashes with 'all collected exceptions must come from the same place' + JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods + JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code + JDK-8247615: Initialize the bytes left for the heap sampler + JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand + JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' + JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield + JDK-8248348: Regression caused by the update to BCEL 6.0 + JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 + JDK-8248495: [macos] zerovm is broken due to libffi headers location + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows + JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 + JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. + JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + JDK-8249255: Build fails if source code in cygwin home dir + JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 + JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + JDK-8249560: Shenandoah: Fix racy GC request handling + JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle + JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + JDK-8250609: C2 crash in IfNode::fold_compares + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + JDK-8250787: Provider.put no longer registering aliases in FIPS env + JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM + JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk + JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure + JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase + JDK-8252120: compiler/oracle/TestCompileCommand.java misspells 'occured' + JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility + JDK-8252258: [11u] JDK-8242154 changes the default vendor + JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 + JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 + JDK-8253283: [11u] Test build/translations/ /VerifyTranslations.java failing after JDK-8252258 + JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes + Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)' introduced in jdk 11.0.9 This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for SDL fixes the following issues: Security issue fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit (bsc#1141844). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141844 CVE-2019-13616 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1157652 SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rmt-server fixes the following issues: - Version 2.6.5 - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Version 2.6.4 - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Version 2.6.3 - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Version 2.6.2 - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps. - Version 2.6.1 - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail. - Version 2.6.0 - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits: * `rmt-cli mirror repositories` now works for custom repositories. * Custom repository IDs can be the same across RMT instances. * No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output. Deprecation Warnings: * RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility. - Version 2.5.20 - Updated rails from 6.0.3.2 to 6.0.3.3: - actionview (CVE-2020-15169) - Version 2.5.19 - RMT now has the ability to remove local systems with the command `rmt-cli systems remove`. - Version 2.5.18 - Fixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring - Improved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success. - Version 2.5.17 - RMT no longer provides the installer updates repository to systems via its zypper service. This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system. - Version 2.5.16 - Updated RMT's rails and puma dependencies. - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770) - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166) - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419) - activesupport (CVE-2020-8165) - railties (CVE-2019-5420) - Version 2.5.15 - RMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored. In this case, RMTs were not able to provide the repository data which systems assumed it had. - Version 2.5.14 - Enable 'Installer-Updates' repositories by default - Fixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead. - Version 2.5.13 - Added `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored. - Previously, RMT didn't track deduplicated files in its database. Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files. - Move the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package. - Version 2.5.12 - Update rack to version 2.2.3 (CVE-2020-8184: bsc#1173351) - Update Rails to version 5.2.4.3: - actionpack (CVE-2020-8164: bsc#1172177) - actionpack (CVE-2020-8166: bsc#1172182) - activesupport (CVE-2020-8165: bsc#1172186) - actionview (CVE-2020-8167: bsc#1172184) - Version 2.5.11 - rmt-server-pubcloud: - SLES11 EOL - Extension activation verification based on the available subscriptions - Added a manual instance verification script - Version 2.5.10 - Support rmt-server to run with Ruby 2.7 (Factory/Tumbleweed): - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class; - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7; - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code; - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated; - Improve RPM spec to consider only the distribution default Ruby version configured in OBS; - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler. - Move nginx/vhosts.d directory to correct sub-package. They are needed together with nginx, not rmt-server. - Fix dependencies especially for containerized usage: - mariadb and nginx are not hard requires, could run on another host - Fix generic dependencies: - systemd ordering was missing - shadow is required for pre-install - Version 2.5.9 - rmt-server-pubcloud: enforce strict authentication - Version 2.5.8 - Use repomd_parser gem to remove repository metadata parsing code. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172177 SUSE bug 1172182 SUSE bug 1172184 SUSE bug 1172186 SUSE bug 1173351 CVE-2019-16770 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2020-11076 CVE-2020-11077 CVE-2020-15169 CVE-2020-5247 CVE-2020-5249 CVE-2020-5267 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-8184 CVE-2020-8185 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.12.4 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519). - Adjusted help for --max_iters, default is 5 (bsc#1177950). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1027519 SUSE bug 1177950 SUSE bug 1178591 CVE-2020-28368 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies. Important SUSE bug 1178923 CVE-2019-8075 CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm fixes the following issues: - CVE-2020-27745: PMIx - fix potential buffer overflows from use of unpackmem() (bsc#1178890). - CVE-2020-27746: X11 forwarding - fix potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1178890 SUSE bug 1178891 CVE-2020-27745 CVE-2020-27746 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886). - CVE-2020-25669: A use-after-free in teardown paths of sunkbd was fixed (bsc#1178182). - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782). - CVE-2020-25704: A a memory leak in perf_event_parse_addr_filter() was foxed (bsc#1178393, CVE-2020-25704). The following non-security bugs were fixed: - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - usb: core: driver: fix stray tabs in error messages (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). Important SUSE bug 1050549 SUSE bug 1067665 SUSE bug 1170630 SUSE bug 1172873 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1176855 SUSE bug 1176983 SUSE bug 1177397 SUSE bug 1177703 SUSE bug 1177819 SUSE bug 1177820 SUSE bug 1178182 SUSE bug 1178393 SUSE bug 1178589 SUSE bug 1178686 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 SUSE bug 1178853 SUSE bug 1178854 SUSE bug 1178878 SUSE bug 1178886 SUSE bug 927455 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-28915 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rclone fixes the following issues: rclone was updated to version 1.53.3: * Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo#1179005 (Nick Craig-Wood) - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by rclone * VFS - Fix vfs/refresh calls with fs= parameter (Nick Craig-Wood) * Sharefile - Fix backend due to API swapping integers for strings (Nick Craig-Wood) Update to 1.53.2: * Bug Fixes - accounting + Fix incorrect speed and transferTime in core/stats (Nick Craig-Wood) + Stabilize display order of transfers on Windows (Nick Craig-Wood) - operations + Fix use of --suffix without --backup-dir (Nick Craig-Wood) + Fix spurious '--checksum is in use but the source and destination have no hashes in common' (Nick Craig-Wood) - build + Work around GitHub actions brew problem (Nick Craig-Wood) + Stop using set-env and set-path in the GitHub actions (Nick Craig-Wood) * Mount - mount2: Fix the swapped UID / GID values (Russell Cattelan) * VFS - Detect and recover from a file being removed externally from the cache (Nick Craig-Wood) - Fix a deadlock vulnerability in downloaders.Close (Leo Luan) - Fix a race condition in retryFailedResets (Leo Luan) - Fix missed concurrency control between some item operations and reset (Leo Luan) - Add exponential backoff during ENOSPC retries (Leo Luan) - Add a missed update of used cache space (Leo Luan) - Fix --no-modtime to not attempt to set modtimes (as documented) (Nick Craig-Wood) * Local - Fix sizes and syncing with --links option on Windows (Nick Craig-Wood) * Chunker - Disable ListR to fix missing files on GDrive (workaround) (Ivan Andreev) - Fix upload over crypt (Ivan Andreev) * Fichier - Increase maximum file size from 100GB to 300GB (gyutw) * Jottacloud - Remove clientSecret from config when upgrading to token based authentication (buengese) - Avoid double url escaping of device/mountpoint (albertony) - Remove DirMove workaround as it's not required anymore - also (buengese) * Mailru - Fix uploads after recent changes on server (Ivan Andreev) - Fix range requests after june changes on server (Ivan Andreev) - Fix invalid timestamp on corrupted files (fixes) (Ivan Andreev) * Onedrive - Fix disk usage for sharepoint (Nick Craig-Wood) * S3 - Add missing regions for AWS (Anagh Kumar Baranwal) * Seafile - Fix accessing libraries > 2GB on 32 bit systems (Muffin King) * SFTP - Always convert the checksum to lower case (buengese) * Union - Create root directories if none exist (Nick Craig-Wood) Update to version 1.53.1: * Bug Fixes - accounting: Remove new line from end of --stats-one-line display * VFS - Fix spurious error 'vfs cache: failed to _ensure cache EOF' - Log an ERROR if we fail to set the file to be sparse * Local - Log an ERROR if we fail to set the file to be sparse * Drive - Re-adds special oauth help text * Opendrive - Do not retry 400 errors Update to version 1.53.0 * New Features - The VFS layer was heavily reworked for this release - see below for more details - Interactive mode -i/--interactive for destructive operations (fishbullet) - Add --bwlimit-file flag to limit speeds of individual file transfers (Nick Craig-Wood) - Transfers are sorted by start time in the stats and progress output (Max Sum) - Make sure backends expand ~ and environment vars in file names they use (Nick Craig-Wood) - Add --refresh-times flag to set modtimes on hashless backends (Nick Craig-Wood) - rclone check + Add reporting of filenames for same/missing/changed (Nick Craig-Wood) + Make check command obey --dry-run/-i/--interactive (Nick Craig-Wood) + Make check do --checkers files concurrently (Nick Craig-Wood) + Retry downloads if they fail when using the --download flag (Nick Craig-Wood) + Make it show stats by default (Nick Craig-Wood) - rclone config + Set RCLONE_CONFIG_DIR for use in config files and subprocesses (Nick Craig-Wood) + Reject remote names starting with a dash. (jtagcat) - rclone cryptcheck: Add reporting of filenames for same/missing/changed (Nick Craig-Wood) - rclone dedupe: Make it obey the --size-only flag for duplicate detection (Nick Craig-Wood) - rclone link: Add --expire and --unlink flags (Roman Kredentser) - rclone mkdir: Warn when using mkdir on remotes which can't have empty directories (Nick Craig-Wood) - rclone rc: Allow JSON parameters to simplify command line usage (Nick Craig-Wood) - rclone serve ftp + Don't compile on < go1.13 after dependency update (Nick Craig-Wood) + Add error message if auth proxy fails (Nick Craig-Wood) + Use refactored goftp.io/server library for binary shrink (Nick Craig-Wood) - rclone serve restic: Expose interfaces so that rclone can be used as a library from within restic (Jack) - rclone sync: Add --track-renames-strategy leaf (Nick Craig-Wood) - rclone touch: Add ability to set nanosecond resolution times (Nick Craig-Wood) - rclone tree: Remove -i shorthand for --noindent as it conflicts with -i/--interactive (Nick Craig-Wood) * Bug Fixes * Mount - rc interface + Add call for unmount all (Chaitanya Bankanhal) + Make mount/mount remote control take vfsOpt option (Nick Craig-Wood) + Add mountOpt to mount/mount (Nick Craig-Wood) + Add VFS and Mount options to mount/listmounts (Nick Craig-Wood) - Catch panics in cgofuse initialization and turn into error messages (Nick Craig-Wood) - Always supply stat information in Readdir (Nick Craig-Wood) - Add support for reading unknown length files using direct IO (Windows) (Nick Craig-Wood) - Fix On Windows don't add -o uid/gid=-1 if user supplies -o uid/gid. (Nick Craig-Wood) - Fix volume name broken in recent refactor (Nick Craig-Wood) * VFS - Implement partial reads for --vfs-cache-mode full (Nick Craig-Wood) - Add --vfs-writeback option to delay writes back to cloud storage (Nick Craig-Wood) - Add --vfs-read-ahead parameter for use with --vfs-cache-mode full (Nick Craig-Wood) - Restart pending uploads on restart of the cache (Nick Craig-Wood) - Support synchronous cache space recovery upon ENOSPC (Leo Luan) - Allow ReadAt and WriteAt to run concurrently with themselves (Nick Craig-Wood) - Change modtime of file before upload to current (Rob Calistri) - Recommend --vfs-cache-modes writes on backends which can't stream (Nick Craig-Wood) - Add an optional fs parameter to vfs rc methods (Nick Craig-Wood) - Fix errors when using > 260 char files in the cache in Windows (Nick Craig-Wood) - Fix renaming of items while they are being uploaded (Nick Craig-Wood) - Fix very high load caused by slow directory listings (Nick Craig-Wood) - Fix renamed files not being uploaded with --vfs-cache-mode minimal (Nick Craig-Wood) - Fix directory locking caused by slow directory listings (Nick Craig-Wood) - Fix saving from chrome without --vfs-cache-mode writes (Nick Craig-Wood) * Crypt Add --crypt-server-side-across-configs flag (Nick Craig-Wood) Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Azure Blob Don't compile on < go1.13 after dependency update (Nick Craig-Wood) * B2 Implement server side copy for files > 5GB (Nick Craig-Wood) Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) Note that b2's encoding now allows \ but rclone's hasn't changed (Nick Craig-Wood) Fix transfers when using download_url (Nick Craig-Wood) * Box - Implement rclone cleanup (buengese) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Allow authentication with access token (David) * Chunker - Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Drive - Add rclone backend drives to list shared drives (teamdrives) (Nick Craig-Wood) - Implement rclone backend untrash (Nick Craig-Wood) - Work around drive bug which didn't set modtime of copied docs (Nick Craig-Wood) - Added --drive-starred-only to only show starred files (Jay McEntire) - Deprecate --drive-alternate-export as it is no longer needed (themylogin) - Fix duplication of Google docs on server side copy (Nick Craig-Wood) - Fix 'panic: send on closed channel' when recycling dir entries (Nick Craig-Wood) * Dropbox - Add copyright detector info in limitations section in the docs (Alex Guerrero) - Fix rclone link by removing expires parameter (Nick Craig-Wood) * Fichier - Detect Flood detected: IP Locked error and sleep for 30s (Nick Craig-Wood) * FTP - Add explicit TLS support (Heiko Bornholdt) - Add support for --dump bodies and --dump auth for debugging (Nick Craig-Wood) - Fix interoperation with pure-ftpd (Nick Craig-Wood) * Google Cloud Storage - Add support for anonymous access (Kai L?ke) * Jottacloud - Bring back legacy authentification for use with whitelabel versions (buengese) - Switch to new api root - also implement a very ugly workaround for the DirMove failures (buengese) * Onedrive - Rework cancel of multipart uploads on rclone exit (Nick Craig-Wood) - Implement rclone cleanup (Nick Craig-Wood) - Add --onedrive-no-versions flag to remove old versions (Nick Craig-Wood) * Pcloud - Implement rclone link for public link creation (buengese) * Qingstor - Cancel in progress multipart uploads on rclone exit (Nick Craig-Wood) * S3 - Preserve metadata when doing multipart copy (Nick Craig-Wood) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Add rclone link for public link sharing (Roman Kredentser) - Add rclone backend restore command to restore objects from GLACIER (Nick Craig-Wood) - Add rclone cleanup and rclone backend cleanup to clean unfinished multipart uploads (Nick Craig-Wood) - Add rclone backend list-multipart-uploads to list unfinished multipart uploads (Nick Craig-Wood) - Add --s3-max-upload-parts support (Kamil Trzciński) - Add --s3-no-check-bucket for minimising rclone transactions and perms (Nick Craig-Wood) - Add --s3-profile and --s3-shared-credentials-file options (Nick Craig-Wood) - Use regional s3 us-east-1 endpoint (David) - Add Scaleway provider (Vincent Feltz) - Update IBM COS endpoints (Egor Margineanu) - Reduce the default --s3-copy-cutoff to < 5GB for Backblaze S3 compatibility (Nick Craig-Wood) - Fix detection of bucket existing (Nick Craig-Wood) * SFTP - Use the absolute path instead of the relative path for listing for improved compatibility (Nick Craig-Wood) - Add --sftp-subsystem and --sftp-server-command options (aus) * Swift - Fix dangling large objects breaking the listing (Nick Craig-Wood) - Fix purge not deleting directory markers (Nick Craig-Wood) - Fix update multipart object removing all of its own parts (Nick Craig-Wood) - Fix missing hash from object returned from upload (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.2.0 (Kaloyan Raev) * Union - Fix writing with the all policy (Nick Craig-Wood) * WebDAV - Fix directory creation with 4shared (Nick Craig-Wood) - Update to version 1.52.3 * Bug Fixes - docs + Disable smart typography (eg en-dash) in MANUAL.* and man page (Nick Craig-Wood) + Update install.md to reflect minimum Go version (Evan Harris) + Update install from source instructions (Nick Craig-Wood) + make_manual: Support SOURCE_DATE_EPOCH (Morten Linderud) - log: Fix --use-json-log going to stderr not --log-file on Windows (Nick Craig-Wood) - serve dlna: Fix file list on Samsung Series 6+ TVs (Matteo Pietro Dazzi) - sync: Fix deadlock with --track-renames-strategy modtime (Nick Craig-Wood) * Cache - Fix moveto/copyto remote:file remote:file2 (Nick Craig-Wood) * Drive - Stop using root_folder_id as a cache (Nick Craig-Wood) - Make dangling shortcuts appear in listings (Nick Craig-Wood) - Drop 'Disabling ListR' messages down to debug (Nick Craig-Wood) - Workaround and policy for Google Drive API (Dmitry Ustalov) * FTP - Add note to docs about home vs root directory selection (Nick Craig-Wood) * Onedrive - Fix reverting to Copy when Move would have worked (Nick Craig-Wood) - Avoid comma rendered in URL in onedrive.md (Kevin) * Pcloud - Fix oauth on European region 'eapi.pcloud.com' (Nick Craig-Wood) * S3 - Fix bucket Region auto detection when Region unset in config (Nick Craig-Wood) - Update to version 1.52.2 * Bug Fixes - build + Fix docker release build action (Nick Craig-Wood) + Fix custom timezone in Docker image (NoLooseEnds) - check: Fix misleading message which printed errors instead of differences (Nick Craig-Wood) - errors: Add WSAECONNREFUSED and more to the list of retriable Windows errors (Nick Craig-Wood) - rcd: Fix incorrect prometheus metrics (Gary Kim) - serve restic: Fix flags so they use environment variables (Nick Craig-Wood) - serve webdav: Fix flags so they use environment variables (Nick Craig-Wood) - sync: Fix --track-renames-strategy modtime (Nick Craig-Wood) * Drive - Fix not being able to delete a directory with a trashed shortcut (Nick Craig-Wood) - Fix creating a directory inside a shortcut (Nick Craig-Wood) - Fix --drive-impersonate with cached root_folder_id (Nick Craig-Wood) * SFTP - Fix SSH key PEM loading (Zac Rubin) * Swift - Speed up deletes by not retrying segment container deletes (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.1.1 (Caleb Case) * WebDAV - Fix free/used display for rclone about/df for certain backends (Nick Craig-Wood) - Update to version 1.52.1 * VFS - Fix OS vs Unix path confusion - fixes ChangeNotify on Windows (Nick Craig-Wood) * Drive - Fix missing items when listing using --fast-list / ListR (Nick Craig-Wood) * Putio - Fix panic on Object.Open (Cenk Alti) * S3 - Fix upload of single files into buckets without create permission (Nick Craig-Wood) - Fix --header-upload (Nick Craig-Wood) * Tardigrade - Fix listing bug by upgrading to v1.0.7 - Set UserAgent to rclone (Caleb Case) - Update to version 1.52.0 * New backends - Tardigrade backend for use with storj.io (Caleb Case) - Union re-write to have multiple writable remotes (Max Sum) - Seafile for Seafile server (Fred @creativeprojects) * New commands - backend: command for backend specific commands (see backends) (Nick Craig-Wood) - cachestats: Deprecate in favour of rclone backend stats cache: (Nick Craig-Wood) - dbhashsum: Deprecate in favour of rclone hashsum DropboxHash (Nick Craig-Wood) * New Features - Add --header-download and --header-upload flags for setting HTTP headers when uploading/downloading (Tim Gallant) - Add --header flag to add HTTP headers to every HTTP transaction (Nick Craig-Wood) - Add --check-first to do all checking before starting transfers (Nick Craig-Wood) - Add --track-renames-strategy for configurable matching criteria for --track-renames (Bernd Schoolmann) - Add --cutoff-mode hard,soft,catious (Shing Kit Chan & Franklyn Tackitt) - Filter flags (eg --files-from -) can read from stdin (fishbullet) - Add --error-on-no-transfer option (Jon Fautley) - Implement --order-by xxx,mixed for copying some small and some big files (Nick Craig-Wood) - Allow --max-backlog to be negative meaning as large as possible (Nick Craig-Wood) - Added --no-unicode-normalization flag to allow Unicode filenames to remain unique (Ben Zenker) - Allow --min-age/--max-age to take a date as well as a duration (Nick Craig-Wood) - Add rename statistics for file and directory renames (Nick Craig-Wood) - Add statistics output to JSON log (reddi) - Make stats be printed on non-zero exit code (Nick Craig-Wood) - When running --password-command allow use of stdin (S?bastien Gross) - Stop empty strings being a valid remote path (Nick Craig-Wood) - accounting: support WriterTo for less memory copying (Nick Craig-Wood) - build + Update to use go1.14 for the build (Nick Craig-Wood) + Add -trimpath to release build for reproduceable builds (Nick Craig-Wood) + Remove GOOS and GOARCH from Dockerfile (Brandon Philips) - config + Fsync the config file after writing to save more reliably (Nick Craig-Wood) + Add --obscure and --no-obscure flags to config create/update (Nick Craig-Wood) + Make config show take remote: as well as remote (Nick Craig-Wood) - copyurl: Add --no-clobber flag (Denis) - delete: Added --rmdirs flag to delete directories as well (Kush) - filter: Added --files-from-raw flag (Ankur Gupta) - genautocomplete: Add support for fish shell (Matan Rosenberg) - log: Add support for syslog LOCAL facilities (Patryk Jakuszew) - lsjson: Add --hash-type parameter and use it in lsf to speed up hashing (Nick Craig-Wood) - rc + Add -o/--opt and -a/--arg for more structured input (Nick Craig-Wood) + Implement backend/command for running backend specific commands remotely (Nick Craig-Wood) + Add mount/mount command for starting rclone mount via the API (Chaitanya) - rcd: Add Prometheus metrics support (Gary Kim) - serve http + Added a --template flag for user defined markup (calistri) + Add Last-Modified headers to files and directories (Nick Craig-Wood) - serve sftp: Add support for multiple host keys by repeating --key flag (Maxime Suret) - touch: Add --localtime flag to make --timestamp localtime not UTC (Nick Craig-Wood) * Bug Fixes - accounting + Restore 'Max number of stats groups reached' log line (Michał Matczuk) + Correct exitcode on Transfer Limit Exceeded flag. (Anuar Serdaliyev) + Reset bytes read during copy retry (Ankur Gupta) + Fix race clearing stats (Nick Craig-Wood) - copy: Only create empty directories when they don't exist on the remote (Ishuah Kariuki) - dedupe: Stop dedupe deleting files with identical IDs (Nick Craig-Wood) - oauth + Use custom http client so that --no-check-certificate is honored by oauth token fetch (Mark Spieth) + Replace deprecated oauth2.NoContext (Lars Lehtonen) - operations + Fix setting the timestamp on Windows for multithread copy (Nick Craig-Wood) + Make rcat obey --ignore-checksum (Nick Craig-Wood) + Make --max-transfer more accurate (Nick Craig-Wood) - rc + Fix dropped error (Lars Lehtonen) + Fix misplaced http server config (Xiaoxing Ye) + Disable duplicate log (ElonH) - serve dlna + Cds: don't specify childCount at all when unknown (Dan Walters) + Cds: use modification time as date in dlna metadata (Dan Walters) - serve restic: Fix tests after restic project removed vendoring (Nick Craig-Wood) - sync + Fix incorrect 'nothing to transfer' message using --delete-before (Nick Craig-Wood) + Only create empty directories when they don't exist on the remote (Ishuah Kariuki) * Mount - Add --async-read flag to disable asynchronous reads (Nick Craig-Wood) - Ignore --allow-root flag with a warning as it has been removed upstream (Nick Craig-Wood) - Warn if --allow-non-empty used on Windows and clarify docs (Nick Craig-Wood) - Constrain to go1.13 or above otherwise bazil.org/fuse fails to compile (Nick Craig-Wood) - Fix fail because of too long volume name (evileye) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Map more rclone errors into file systems errors (Nick Craig-Wood) - Fix disappearing cwd problem (Nick Craig-Wood) - Use ReaddirPlus on Windows to improve directory listing performance (Nick Craig-Wood) - Send a hint as to whether the filesystem is case insensitive or not (Nick Craig-Wood) - Add rc command mount/types (Nick Craig-Wood) - Change maximum leaf name length to 1024 bytes (Nick Craig-Wood) * VFS - Add --vfs-read-wait and --vfs-write-wait flags to control time waiting for a sequential read/write (Nick Craig-Wood) - Change default --vfs-read-wait to 20ms (it was 5ms and not configurable) (Nick Craig-Wood) - Make df output more consistent on a rclone mount. (Yves G) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Fix race condition caused by unlocked reading of Dir.path (Nick Craig-Wood) - Make File lock and Dir lock not overlap to avoid deadlock (Nick Craig-Wood) - Implement lock ordering between File and Dir to eliminate deadlocks (Nick Craig-Wood) - Factor the vfs cache into its own package (Nick Craig-Wood) - Pin the Fs in use in the Fs cache (Nick Craig-Wood) - Add SetSys() methods to Node to allow caching stuff on a node (Nick Craig-Wood) - Ignore file not found errors from Hash in Read.Release (Nick Craig-Wood) - Fix hang in read wait code (Nick Craig-Wood) * Local - Speed up multi thread downloads by using sparse files on Windows (Nick Craig-Wood) - Implement --local-no-sparse flag for disabling sparse files (Nick Craig-Wood) - Implement rclone backend noop for testing purposes (Nick Craig-Wood) - Fix 'file not found' errors on post transfer Hash calculation (Nick Craig-Wood) * Cache - Implement rclone backend stats command (Nick Craig-Wood) - Fix Server Side Copy with Temp Upload (Brandon McNama) - Remove Unused Functions (Lars Lehtonen) - Disable race tests until bbolt is fixed (Nick Craig-Wood) - Move methods used for testing into test file (greatroar) - Add Pin and Unpin and canonicalised lookup (Nick Craig-Wood) - Use proper import path go.etcd.io/bbolt (Robert-Andr? Mauchin) * Crypt - Calculate hashes for uploads from local disk (Nick Craig-Wood) + This allows crypted Jottacloud uploads without using local disk + This means crypted s3/b2 uploads will now have hashes - Added rclone backend decode/encode commands to replicate functionality of cryptdecode (Anagh Kumar Baranwal) - Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood) * Azure Blob - Implement streaming of unknown sized files so rcat is now supported (Nick Craig-Wood) - Implement memory pooling to control memory use (Nick Craig-Wood) - Add --azureblob-disable-checksum flag (Nick Craig-Wood) - Retry InvalidBlobOrBlock error as it may indicate block concurrency problems (Nick Craig-Wood) - Remove unused Object.parseTimeString() (Lars Lehtonen) - Fix permission error on SAS URL limited to container (Nick Craig-Wood) * B2 - Add support for --header-upload and --header-download (Tim Gallant) - Ignore directory markers at the root also (Nick Craig-Wood) - Force the case of the SHA1 to lowercase (Nick Craig-Wood) - Remove unused largeUpload.clearUploadURL() (Lars Lehtonen) * Box - Add support for --header-upload and --header-download (Tim Gallant) - Implement About to read size used (Nick Craig-Wood) - Add token renew function for jwt auth (David Bramwell) - Added support for interchangeable root folder for Box backend (Sunil Patra) - Remove unnecessary iat from jws claims (David) * Drive - Follow shortcuts by default, skip with --drive-skip-shortcuts (Nick Craig-Wood) - Implement rclone backend shortcut command for creating shortcuts (Nick Craig-Wood) - Added rclone backend command to change service_account_file and chunk_size (Anagh Kumar Baranwal) - Fix missing files when using --fast-list and --drive-shared-with-me (Nick Craig-Wood) - Fix duplicate items when using --drive-shared-with-me (Nick Craig-Wood) - Extend --drive-stop-on-upload-limit to respond to teamDriveFileLimitExceeded. (harry) - Don't delete files with multiple parents to avoid data loss (Nick Craig-Wood) - Server side copy docs use default description if empty (Nick Craig-Wood) * Dropbox - Make error insufficient space to be fatal (harry) - Add info about required redirect url (Elan Ruusam?e) * Fichier - Add support for --header-upload and --header-download (Tim Gallant) - Implement custom pacer to deal with the new rate limiting (buengese) * FTP - Fix lockup when using concurrency limit on failed connections (Nick Craig-Wood) - Fix lockup on failed upload when using concurrency limit (Nick Craig-Wood) - Fix lockup on Close failures when using concurrency limit (Nick Craig-Wood) - Work around pureftp sending spurious 150 messages (Nick Craig-Wood) * Google Cloud Storage - Add support for --header-upload and --header-download (Nick Craig-Wood) - Add ARCHIVE storage class to help (Adam Stroud) - Ignore directory markers at the root (Nick Craig-Wood) * Googlephotos - Make the start year configurable (Daven) - Add support for --header-upload and --header-download (Tim Gallant) - Create feature/favorites directory (Brandon Philips) - Fix 'concurrent map write' error (Nick Craig-Wood) - Don't put an image in error message (Nick Craig-Wood) * HTTP - Improved directory listing with new template from Caddy project (calisro) * Jottacloud - Implement --jottacloud-trashed-only (buengese) - Add support for --header-upload and --header-download (Tim Gallant) - Use RawURLEncoding when decoding base64 encoded login token (buengese) - Implement cleanup (buengese) - Update docs regarding cleanup, removed remains from old auth, and added warning about special mountpoints. (albertony) * Mailru - Describe 2FA requirements (valery1707) * Onedrive - Implement --onedrive-server-side-across-configs (Nick Craig-Wood) - Add support for --header-upload and --header-download (Tim Gallant) - Fix occasional 416 errors on multipart uploads (Nick Craig-Wood) - Added maximum chunk size limit warning in the docs (Harry) - Fix missing drive on config (Nick Craig-Wood) - Make error quotaLimitReached to be fatal (harry) * Opendrive - Add support for --header-upload and --header-download (Tim Gallant) * Pcloud - Added support for interchangeable root folder for pCloud backend (Sunil Patra) - Add support for --header-upload and --header-download (Tim Gallant) - Fix initial config 'Auth state doesn't match' message (Nick Craig-Wood) * Premiumizeme - Add support for --header-upload and --header-download (Tim Gallant) - Prune unused functions (Lars Lehtonen) * Putio - Add support for --header-upload and --header-download (Nick Craig-Wood) - Make downloading files use the rclone http Client (Nick Craig-Wood) - Fix parsing of remotes with leading and trailing / (Nick Craig-Wood) * Qingstor - Make rclone cleanup remove pending multipart uploads older than 24h (Nick Craig-Wood) - Try harder to cancel failed multipart uploads (Nick Craig-Wood) - Prune multiUploader.list() (Lars Lehtonen) - Lint fix (Lars Lehtonen) * S3 - Add support for --header-upload and --header-download (Tim Gallant) - Use memory pool for buffer allocations (Maciej Zimnoch) - Add SSE-C support for AWS, Ceph, and MinIO (Jack Anderson) - Fail fast multipart upload (Michał Matczuk) - Report errors on bucket creation (mkdir) correctly (Nick Craig-Wood) - Specify that Minio supports URL encoding in listings (Nick Craig-Wood) - Added 500 as retryErrorCode (Michał Matczuk) - Use --low-level-retries as the number of SDK retries (Aleksandar Janković) - Fix multipart abort context (Aleksandar Jankovic) - Replace deprecated session.New() with session.NewSession() (Lars Lehtonen) - Use the provided size parameter when allocating a new memory pool (Joachim Brandon LeBlanc) - Use rclone's low level retries instead of AWS SDK to fix listing retries (Nick Craig-Wood) - Ignore directory markers at the root also (Nick Craig-Wood) - Use single memory pool (Michał Matczuk) - Do not resize buf on put to memBuf (Michał Matczuk) - Improve docs for --s3-disable-checksum (Nick Craig-Wood) - Don't leak memory or tokens in edge cases for multipart upload (Nick Craig-Wood) * Seafile - Implement 2FA (Fred) * SFTP - Added --sftp-pem-key to support inline key files (calisro) - Fix post transfer copies failing with 0 size when using set_modtime=false (Nick Craig-Wood) * Sharefile - Add support for --header-upload and --header-download (Tim Gallant) * Sugarsync - Add support for --header-upload and --header-download (Tim Gallant) * Swift - Add support for --header-upload and --header-download (Nick Craig-Wood) - Fix cosmetic issue in error message (Martin Michlmayr) * Union - Implement multiple writable remotes (Max Sum) - Fix server-side copy (Max Sum) - Implement ListR (Max Sum) - Enable ListR when upstreams contain local (Max Sum) * WebDAV - Add support for --header-upload and --header-download (Tim Gallant) - Fix X-OC-Mtime header for Transip compatibility (Nick Craig-Wood) - Report full and consistent usage with about (Yves G) * Yandex - Add support for --header-upload and --header-download (Tim Gallant) - Update to version 1.51.0 * See https://rclone.org/changelog/#v1-51-0-2020-02-01 for the complete changelog. - Update to version 1.50.2 * Bug Fixes - accounting: Fix memory leak on retries operations (Nick Craig-Wood) * Drive - Fix listing of the root directory with drive.files scope (Nick Craig-Wood) - Fix --drive-root-folder-id with team/shared drives (Nick Craig-Wood) - Update to version 1.50.1 * Bug Fixes - hash: Fix accidentally changed hash names for DropboxHash and CRC-32 (Nick Craig-Wood) - fshttp: Fix error reporting on tpslimit token bucket errors (Nick Craig-Wood) - fshttp: Don’t print token bucket errors on context cancelled (Nick Craig-Wood) * Local - Fix listings of . on Windows (Nick Craig-Wood) * Onedrive - Fix DirMove/Move after Onedrive change (Xiaoxing Ye) - Update to version 1.50.0 * New backends - Citrix Sharefile (Nick Craig-Wood) - Chunker - an overlay backend to split files into smaller parts (Ivan Andreev) - Mail.ru Cloud (Ivan Andreev) * New Features - encodings (Fabian M?ller & Nick Craig-Wood) + All backends now use file name encoding to ensure any file name can be written to any backend. + See the restricted file name docs for more info and the local backend docs. + Some file names may look different in rclone if you are using any control characters in names or unicode FULLWIDTH symbols. - build + Update to use go1.13 for the build (Nick Craig-Wood) + Drop support for go1.9 (Nick Craig-Wood) + Build rclone with GitHub actions (Nick Craig-Wood) + Convert python scripts to python3 (Nick Craig-Wood) + Swap Azure/go-ansiterm for mattn/go-colorable (Nick Craig-Wood) + Dockerfile fixes (Matei David) + Add plugin support for backends and commands (Richard Patel) - config + Use alternating Red/Green in config to make more obvious (Nick Craig-Wood) - contrib + Add sample DLNA server Docker Compose manifest. (pataquets) + Add sample WebDAV server Docker Compose manifest. (pataquets) - copyurl + Add --auto-filename flag for using file name from URL in destination path (Denis) - serve dlna: + Many compatability improvements (Dan Walters) + Support for external srt subtitles (Dan Walters) - rc + Added command core/quit (Saksham Khanna) * Bug Fixes - sync + Make --update/-u not transfer files that haven’t changed (Nick Craig-Wood) + Free objects after they come out of the transfer pipe to save memory (Nick Craig-Wood) + Fix --files-from without --no-traverse doing a recursive scan (Nick Craig-Wood) - operations + Fix accounting for server side copies (Nick Craig-Wood) + Display ‘All duplicates removed’ only if dedupe successful (Sezal Agrawal) + Display ‘Deleted X extra copies’ only if dedupe successful (Sezal Agrawal) - accounting + Only allow up to 100 completed transfers in the accounting list to save memory (Nick Craig-Wood) + Cull the old time ranges when possible to save memory (Nick Craig-Wood) + Fix panic due to server-side copy fallback (Ivan Andreev) + Fix memory leak noticeable for transfers of large numbers of objects (Nick Craig-Wood) + Fix total duration calculation (Nick Craig-Wood) - cmd + Fix environment variables not setting command line flags (Nick Craig-Wood) + Make autocomplete compatible with bash’s posix mode for macOS (Danil Semelenov) + Make --progress work in git bash on Windows (Nick Craig-Wood) + Fix ‘compopt: command not found’ on autocomplete on macOS (Danil Semelenov) - config + Fix setting of non top level flags from environment variables (Nick Craig-Wood) + Check config names more carefully and report errors (Nick Craig-Wood) + Remove error: can’t use --size-only and --ignore-size together. (Nick Craig-Wood) + filter: Prevent mixing options when --files-from is in use (Michele Caci) + serve sftp: Fix crash on unsupported operations (eg Readlink) (Nick Craig-Wood) * Mount - Allow files of unkown size to be read properly (Nick Craig-Wood) - Skip tests on <= 2 CPUs to avoid lockup (Nick Craig-Wood) - Fix panic on File.Open (Nick Craig-Wood) - Fix “mount_fusefs: -o timeout=: option not supported” on FreeBSD (Nick Craig-Wood) - Don’t pass huge filenames (>4k) to FUSE as it can’t cope (Nick Craig-Wood) * VFS - Add flag --vfs-case-insensitive for windows/macOS mounts (Ivan Andreev) - Make objects of unknown size readable through the VFS (Nick Craig-Wood) - Move writeback of dirty data out of close() method into its own method (FlushWrites) and remove close() call from Flush() (Brett Dutro) - Stop empty dirs disappearing when renamed on bucket based remotes (Nick Craig-Wood) - Stop change notify polling clearing so much of the directory cache (Nick Craig-Wood) * Azure Blob - Disable logging to the Windows event log (Nick Craig-Wood) * B2 - Remove unverified: prefix on sha1 to improve interop (eg with CyberDuck) (Nick Craig-Wood) * Box - Add options to get access token via JWT auth (David) * Drive - Disable HTTP/2 by default to work around INTERNAL_ERROR problems (Nick Craig-Wood) - Make sure that drive root ID is always canonical (Nick Craig-Wood) - Fix --drive-shared-with-me from the root with lsand --fast-list (Nick Craig-Wood) - Fix ChangeNotify polling for shared drives (Nick Craig-Wood) - Fix change notify polling when using appDataFolder (Nick Craig-Wood) * Dropbox - Make disallowed filenames errors not retry (Nick Craig-Wood) - Fix nil pointer exception on restricted files (Nick Craig-Wood) * Fichier - Fix accessing files > 2GB on 32 bit systems (Nick Craig-Wood) * FTP - Allow disabling EPSV mode (Jon Fautley) * HTTP - HEAD directory entries in parallel to speedup (Nick Craig-Wood) - Add --http-no-head to stop rclone doing HEAD in listings (Nick Craig-Wood) * Putio - Add ability to resume uploads (Cenk Alti) * S3 - Fix signature v2_auth headers (Anthony Rusdi) - Fix encoding for control characters (Nick Craig-Wood) - Only ask for URL encoded directory listings if we need them on Ceph (Nick Craig-Wood) - Add option for multipart failiure behaviour (Aleksandar Jankovic) - Support for multipart copy (庄天翼) - Fix nil pointer reference if no metadata returned for object (Nick Craig-Wood) * SFTP - Fix --sftp-ask-password trying to contact the ssh agent (Nick Craig-Wood) - Fix hashes of files with backslashes (Nick Craig-Wood) - Include more ciphers with --sftp-use-insecure-cipher (Carlos Ferreyra) * WebDAV - Parse and return Sharepoint error response (Henning Surmeier) - Update to version 1.49.4 * Bug Fixes - cmd/rcd: Address ZipSlip vulnerability (Richard Patel) - accounting: Fix file handle leak on errors (Nick Craig-Wood) - oauthutil: Fix security problem when running with two users on the same machine (Nick Craig-Wood) * FTP - Fix listing of an empty root returning: error dir not found (Nick Craig-Wood) * S3 - Fix SetModTime on GLACIER/ARCHIVE objects and implement set/get tier (Nick Craig-Wood) - Update to version 1.49.3 * Bug Fixes - accounting + Fix total duration calculation (Aleksandar Jankovic) + Fix “file already closed” on transfer retries (Nick Craig-Wood) - Update to version 1.49.2 * New Features - build: Add Docker workflow support (Alfonso Montero) * Bug Fixes - accounting: Fix locking in Transfer to avoid deadlock with --progress (Nick Craig-Wood) - docs: Fix template argument for mktemp in install.sh (Cnly) - operations: Fix -u/--update with google photos / files of unknown size (Nick Craig-Wood) - rc: Fix docs for config/create /update /password (Nick Craig-Wood) * Google Cloud Storage - Fix need for elevated permissions on SetModTime (Nick Craig-Wood) - Update to version 1.49.1 * Bug Fixes - config: Fix generated passwords being stored as empty password (Nick Craig-Wood) - rcd: Added missing parameter for web-gui info logs. (Chaitanya) * Googlephotos - Fix crash on error response (Nick Craig-Wood) * Onedrive - Fix crash on error response (Nick Craig-Wood) - Update to version 1.49.0 * New backends - 1fichier (Laura Hausmann) - Google Photos (Nick Craig-Wood) - Putio (Cenk Alti) - premiumize.me (Nick Craig-Wood) * New Features - Experimental web GUI (Chaitanya Bankanhal) - Implement --compare-dest & --copy-dest (yparitcher) - Implement --suffix without --backup-dir for backup to current dir (yparitcher) - config reconnect to re-login (re-run the oauth login) for the backend. (Nick Craig-Wood) - config userinfo to discover which user you are logged in as. (Nick Craig-Wood) - config disconnect to disconnect you (log out) from the backend. (Nick Craig-Wood) - Add --use-json-log for JSON logging (justinalin) - Add context propagation to rclone (Aleksandar Jankovic) - Reworking internal statistics interfaces so they work with rc jobs (Aleksandar Jankovic) - Add Higher units for ETA (AbelThar) - Update rclone logos to new design (Andreas Chlupka) - hash: Add CRC-32 support (Cenk Alti) - help showbackend: Fixed advanced option category when there are no standard options (buengese) - ncdu: Display/Copy to Clipboard Current Path (Gary Kim) - operations: + Run hashing operations in parallel (Nick Craig-Wood) + Don’t calculate checksums when using --ignore-checksum (Nick Craig-Wood) + Check transfer hashes when using --size-only mode (Nick Craig-Wood) + Disable multi thread copy for local to local copies (Nick Craig-Wood) + Debug successful hashes as well as failures (Nick Craig-Wood) - rc + Add ability to stop async jobs (Aleksandar Jankovic) + Return current settings if core/bwlimit called without parameters (Nick Craig-Wood) + Rclone-WebUI integration with rclone (Chaitanya Bankanhal) + Added command line parameter to control the cross origin resource sharing (CORS) in the rcd. (Security Improvement) (Chaitanya Bankanhal) + Add anchor tags to the docs so links are consistent (Nick Craig-Wood) + Remove _async key from input parameters after parsing so later operations won’t get confused (buengese) + Add call to clear stats (Aleksandar Jankovic) - rcd + Auto-login for web-gui (Chaitanya Bankanhal) + Implement --baseurl for rcd and web-gui (Chaitanya Bankanhal) - serve dlna + Only select interfaces which can multicast for SSDP (Nick Craig-Wood) + Add more builtin mime types to cover standard audio/video (Nick Craig-Wood) + Fix missing mime types on Android causing missing videos (Nick Craig-Wood) - serve ftp + Refactor to bring into line with other serve commands (Nick Craig-Wood) + Implement --auth-proxy (Nick Craig-Wood) - serve http: Implement --baseurl (Nick Craig-Wood) - serve restic: Implement --baseurl (Nick Craig-Wood) - serve sftp + Implement auth proxy (Nick Craig-Wood) + Fix detection of whether server is authorized (Nick Craig-Wood) - serve webdav + Implement --baseurl (Nick Craig-Wood) + Support --auth-proxy (Nick Craig-Wood) * Bug Fixes - Make “bad record MAC” a retriable error (Nick Craig-Wood) - copyurl: Fix copying files that return HTTP errors (Nick Craig-Wood) - march: Fix checking sub-directories when using --no-traverse (buengese) - rc + Fix unmarshalable http.AuthFn in options and put in test for marshalability (Nick Craig-Wood) + Move job expire flags to rc to fix initalization problem (Nick Craig-Wood) + Fix --loopback with rc/list and others (Nick Craig-Wood) - rcat: Fix slowdown on systems with multiple hashes (Nick Craig-Wood) - rcd: Fix permissions problems on cache directory with web gui download (Nick Craig-Wood) * Mount - Default --deamon-timout to 15 minutes on macOS and FreeBSD (Nick Craig-Wood) - Update docs to show mounting from root OK for bucket based (Nick Craig-Wood) - Remove nonseekable flag from write files (Nick Craig-Wood) * VFS - Make write without cache more efficient (Nick Craig-Wood) - Fix --vfs-cache-mode minimal and writes ignoring cached files (Nick Craig-Wood) * Local - Add --local-case-sensitive and --local-case-insensitive (Nick Craig-Wood) - Avoid polluting page cache when uploading local files to remote backends (Michał Matczuk) - Don’t calculate any hashes by default (Nick Craig-Wood) - Fadvise run syscall on a dedicated go routine (Michał Matczuk) * Azure Blob - Azure Storage Emulator support (Sandeep) - Updated config help details to remove connection string references (Sandeep) - Make all operations work from the root (Nick Craig-Wood) * B2 - Implement link sharing (yparitcher) - Enable server side copy to copy between buckets (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * Drive - Fix server side copy of big files (Nick Craig-Wood) - Update API for teamdrive use (Nick Craig-Wood) - Add error for purge with --drive-trashed-only (ginvine) * Fichier - Make FolderID int and adjust related code (buengese) * Google Cloud Storage - Reduce oauth scope requested as suggested by Google (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * HTTP - Add --http-headers flag for setting arbitrary headers (Nick Craig-Wood) * Jottacloud - Use new api for retrieving internal username (buengese) - Refactor configuration and minor cleanup (buengese) * Koofr - Support setting modification times on Koofr backend. (jaKa) * Opendrive - Refactor to use existing lib/rest facilities for uploads (Nick Craig-Wood) * Qingstor - Upgrade to v3 SDK and fix listing loop (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * S3 - Add INTELLIGENT_TIERING storage class (Matti Niemenmaa) - Make all operations work from the root (Nick Craig-Wood) * SFTP - Add missing interface check and fix About (Nick Craig-Wood) - Completely ignore all modtime checks if SetModTime=false (Jon Fautley) - Support md5/sha1 with rsync.net (Nick Craig-Wood) - Save the md5/sha1 command in use to the config file for efficiency (Nick Craig-Wood) - Opt-in support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 (Yi FU) * Swift - Use FixRangeOption to fix 0 length files via the VFS (Nick Craig-Wood) - Fix upload when using no_chunk to return the correct size (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) - Fix segments leak during failed large file uploads. (nguyenhuuluan434) * WebDAV - Add --webdav-bearer-token-command (Nick Craig-Wood) - Refresh token when it expires with --webdav-bearer-token-command (Nick Craig-Wood) - Add docs for using bearer_token_command with oidc-agent (Paul Millar) - Fix executable permission - Update to version 1.48.0 * New commands - serve sftp: Serve an rclone remote over SFTP (Nick Craig-Wood) * New Features - Multi threaded downloads to local storage (Nick Craig-Wood) controlled with --multi-thread-cutoff and --multi-thread-streams - Use rclone.conf from rclone executable directory to enable portable use (albertony) - Allow sync of a file and a directory with the same name (forgems) this is common on bucket based remotes, eg s3, gcs - Add --ignore-case-sync for forced case insensitivity (garry415) - Implement --stats-one-line-date and --stats-one-line-date-format (Peter Berbec) - Log an ERROR for all commands which exit with non-zero status (Nick Craig-Wood) - Use go-homedir to read the home directory more reliably (Nick Craig-Wood) - Enable creating encrypted config through external script invocation (Wojciech Smigielski) - build: Drop support for go1.8 (Nick Craig-Wood) - config: Make config create/update encrypt passwords where necessary (Nick Craig-Wood) - copyurl: Honor --no-check-certificate (Stefan Breunig) - install: Linux skip man pages if no mandb (didil) - lsf: Support showing the Tier of the object (Nick Craig-Wood) - lsjson + Added EncryptedPath to output (calisro) + Support showing the Tier of the object (Nick Craig-Wood) + Add IsBucket field for bucket based remote listing of the root (Nick Craig-Wood) - rc + Add --loopback flag to run commands directly without a server (Nick Craig-Wood) + Add operations/fsinfo: Return information about the remote (Nick Craig-Wood) + Skip auth for OPTIONS request (Nick Craig-Wood) + cmd/providers: Add DefaultStr, ValueStr and Type fields (Nick Craig-Wood) + jobs: Make job expiry timeouts configurable (Aleksandar Jankovic) - serve dlna reworked and improved (Dan Walters) - serve ftp: add --ftp-public-ip flag to specify public IP (calistri) - serve restic: Add support for --private-repos in serve restic (Florian Apolloner) - serve webdav: Combine serve webdav and serve http (Gary Kim) - size: Ignore negative sizes when calculating total (Garry McNulty) * Bug Fixes - Make move and copy individual files obey --backup-dir (Nick Craig-Wood) - If --ignore-checksum is in effect, don’t calculate checksum (Nick Craig-Wood) - moveto: Fix case-insensitive same remote move (Gary Kim) - rc: Fix serving bucket based objects with --rc-serve (Nick Craig-Wood) - serve webdav: Fix serveDir not being updated with changes from webdav (Gary Kim) * Mount - Fix poll interval documentation (Animosity022) * VFS - Make WriteAt for non cached files work with non-sequential writes (Nick Craig-Wood) * Local - Only calculate the required hashes for big speedup (Nick Craig-Wood) - Log errors when listing instead of returning an error (Nick Craig-Wood) - Fix preallocate warning on Linux with ZFS (Nick Craig-Wood) * Crypt - Make rclone dedupe work through crypt (Nick Craig-Wood) - Fix wrapping of ChangeNotify to decrypt directories properly (Nick Craig-Wood) - Support PublicLink (rclone link) of underlying backend (Nick Craig-Wood) - Implement Optional methods SetTier, GetTier (Nick Craig-Wood) * B2 - Implement server side copy (Nick Craig-Wood) - Implement SetModTime (Nick Craig-Wood) * Drive - Fix move and copy from TeamDrive to GDrive (Fionera) - Add notes that cleanup works in the background on drive (Nick Craig-Wood) - Add --drive-server-side-across-configs to default back to old server side copy semantics by default (Nick Craig-Wood) - Add --drive-size-as-quota to show storage quota usage for file size (Garry McNulty) * FTP - Add FTP List timeout (Jeff Quinn) - Add FTP over TLS support (Gary Kim) - Add --ftp-no-check-certificate option for FTPS (Gary Kim) * Google Cloud Storage - Fix upload errors when uploading pre 1970 files (Nick Craig-Wood) * Jottacloud - Add support for selecting device and mountpoint. (buengese) * Mega - Add cleanup support (Gary Kim) * Onedrive - More accurately check if root is found (Cnly) * S3 - Suppport S3 Accelerated endpoints with --s3-use-accelerate-endpoint (Nick Craig-Wood) - Add config info for Wasabi’s EU Central endpoint (Robert Marko) - Make SetModTime work for GLACIER while syncing (Philip Harvey) * SFTP - Add About support (Gary Kim) - Fix about parsing of df results so it can cope with -ve results (Nick Craig-Wood) - Send custom client version and debug server version (Nick Craig-Wood) * WebDAV - Retry on 423 Locked errors (Nick Craig-Wood) Moderate SUSE bug 1179005 CVE-2020-28924 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for podman fixes the following issues: Security issue fixed: - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API (bsc#1176804). Non-security issues fixed: - add dependency to timezone package or podman fails to build a container (bsc#1178122) - Install new auto-update system units - Update to v2.1.1 (bsc#1178392): * Changes - The `podman info` command now includes the cgroup manager Podman is using. * API - The REST API now includes a Server header in all responses. - Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container. - Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter. - Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error. - Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) [#7722]. - The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release. - Changes in v2.1.0 * Features - A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it [#1433]. - The `podman save` and `podman load` commands can now create and load archives containing multiple images [#2669]. - Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks. - The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present. - The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy [#6400]. - The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport. - The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications. - The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units. - The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container [#6458]. - The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host. - The `podman play kube` command now supports the Socket HostPath type [#7112]. - The `podman play kube` command now supports read-only mounts. - The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels. - The `podman play kube` command now supports setting container restart policy [#7656]. - The `podman play kube` command now properly handles `HostAlias` entries. - The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries. - The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods. - The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container). - The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container. - The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container [#5128]. - Environment variables for Podman can now be added in the `containers.conf` configuration file. - The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal. - The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem. - Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems. - The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran. - A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called. - The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options. * Security - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API. * Changes - Podman will now retry pulling an image 3 times if a pull fails due to network errors. - The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did. - Error messages when creating a container or pod with a name that is already in use have been improved. - For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`. - The `podman system reset` command no longer removes configuration files for rootless Podman. * API - The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API. - Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available! - Added an endpoint for generating systemd unit files for containers. - The `last` parameter to the Libpod container list endpoint now has an alias, `limit` [#6413]. - The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings - The Compat Inspect endpoint for containers now includes port information in NetworkSettings. - The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter [#6797]. - Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts. - Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present. - Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images. - Fixed a bug where name history information was not properly added in the Libpod Image List endpoint. - Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses. - Added a `noTrunc` option to the Libpod image search endpoint. - Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present [#7392]. - Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data [#7195]. - Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed. - The Compat List endpoint for networks now supports filtering results [#7462]. - Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existent pod. - Fixed a bug where Pull endpoints did not stream progress back to the client. - The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker. - All non-hijacking responses to API requests should not include headers with the version of the server. - Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred [#7263]. - Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client. - Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting. - Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly. - Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format [#7196]. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1176804 SUSE bug 1178122 SUSE bug 1178392 CVE-2020-14370 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1160682 CVE-2019-20372 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178882 CVE-2020-8277 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dash fixes the following issues: - Fixed an issue where code was executed even if noexec ('-n') was specified (bsc#1178978). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178978 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.14 fixes the following issues: - go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41991 runtime: macOS-only segfault on 1.14+ with 'split stack overflow' * go#41913 net/http: request.Clone doesn't deep copy TransferEncoding * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1178750 SUSE bug 1178752 SUSE bug 1178753 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl-DBI fixes the following issues: - DBD::File drivers could open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1176492 CVE-2014-10401 CVE-2014-10402 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wpa_supplicant fixes the following issues: Security issue fixed: - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass (bsc#1150934). Non-security issues fixed: - Enable SAE support (jsc#SLE-14992). - Limit P2P_DEVICE name to appropriate ifname size. - Fix wicked wlan (bsc#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331) - With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331) - Fix WLAN config on boot with wicked. (bsc#1166933) - Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Changed service-files for start after network (systemd-networkd). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1131644 SUSE bug 1131868 SUSE bug 1131870 SUSE bug 1131871 SUSE bug 1131872 SUSE bug 1131874 SUSE bug 1133640 SUSE bug 1144443 SUSE bug 1150934 SUSE bug 1156920 SUSE bug 1166933 SUSE bug 1167331 SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-8041 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-16275 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). - Major batch refactor of ceph-volume that addresses a couple of issues (bsc#1151612, bsc#1158257) - Documented Prometheus' security model (bsc#1169134) - monclient: Fixed an issue where executing several ceph commands in a short amount of time led to a segmentation fault (bsc#1170487) - Fixed an issue, where it was not possible to edit an iSCSI logged-in client (bsc#1174591) - Fixed an issue, where OSDs could not get started after they failed (bsc#1175061) - Fixed an issue with the restful module, where it aborted on execution for POST calls (bsc#1175240) - Fixed a many-to-many issue in host-details Grafana dashboard (bsc#1175585) - Fixed collection_list ordering in os/bluestore (bsc#1172546) - Fixed help output of lvmcache (bsc#1175781) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1151612 SUSE bug 1158257 SUSE bug 1169134 SUSE bug 1170487 SUSE bug 1174591 SUSE bug 1175061 SUSE bug 1175240 SUSE bug 1175781 SUSE bug 1177843 CVE-2020-25660 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wicked fixes the following issues: - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1160904 SUSE bug 1160906 CVE-2019-18903 CVE-2020-7217 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1084671 SUSE bug 1092920 SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1151377 SUSE bug 1154256 SUSE bug 1155207 SUSE bug 1155574 SUSE bug 1156213 SUSE bug 1156482 SUSE bug 1158485 SUSE bug 1159814 SUSE bug 1161436 SUSE bug 1162108 CVE-2019-20386 CVE-2020-1712 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libqt5-qtbase fixes the following issues: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). Other issue fixed: - Fixed comboboxes not showing in correct location (bsc#1158667). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1158667 SUSE bug 1161167 CVE-2020-0569 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1158194 CVE-2019-19451 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc#1165184): * Handle cases where other tools mount/unmount containers * overlay.MountReadOnly: support RO overlay mounts * overlay: use fusermount for rootless umounts * overlay: fix umount * Switch default log level of Buildah to Warn. Users need to see these messages * Drop error messages about OCI/Docker format to Warning level * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2 * tests/testreport: adjust for API break in storage v1.23.6 * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7 * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6 * copier: put: ignore Typeflag='g' * Use curl to get repo file (fix #2714) * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0 * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1 * Remove docs that refer to bors, since we're not using it * Buildah bud should not use stdin by default * bump containerd, docker, and golang.org/x/sys * Makefile: cross: remove windows.386 target * copier.copierHandlerPut: don't check length when there are errors * Stop excessive wrapping * CI: require that conformance tests pass * bump(github.com/openshift/imagebuilder) to v1.1.8 * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES * Fix build path wrong containers/podman#7993 * refactor pullpolicy to avoid deps * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0 * CI: run gating tasks with a lot more memory * ADD and COPY: descend into excluded directories, sometimes * copier: add more context to a couple of error messages * copier: check an error earlier * copier: log stderr output as debug on success * Update nix pin with make nixpkgs * Set directory ownership when copied with ID mapping * build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 * build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0 * Cirrus: Remove bors artifacts * Sort build flag definitions alphabetically * ADD: only expand archives at the right time * Remove configuration for bors * Shell Completion for podman build flags * Bump c/common to v0.24.0 * New CI check: xref --help vs man pages * CI: re-enable several linters * Move --userns-uid-map/--userns-gid-map description into buildah man page * add: preserve ownerships and permissions on ADDed archives * Makefile: tweak the cross-compile target * Bump containers/common to v0.23.0 * chroot: create bind mount targets 0755 instead of 0700 * Change call to Split() to safer SplitN() * chroot: fix handling of errno seccomp rules * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0 * Add In Progress section to contributing * integration tests: make sure tests run in ${topdir}/tests * Run(): ignore containers.conf's environment configuration * Warn when setting healthcheck in OCI format * Cirrus: Skip git-validate on branches * tools: update git-validation to the latest commit * tools: update golangci-lint to v1.18.0 * Add a few tests of push command * Add(): fix handling of relative paths with no ContextDir * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0 * Lint: Use same linters as podman * Validate: reference HEAD * Fix buildah mount to display container names not ids * Update nix pin with make nixpkgs * Add missing --format option in buildah from man page * Fix up code based on codespell * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7 * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5 * Improve buildah completions * Cirrus: Fix validate commit epoch * Fix bash completion of manifest flags * Uniform some man pages * Update Buildah Tutorial to address BZ1867426 * Update bash completion of manifest add sub command * copier.Get(): hard link targets shouldn't be relative paths * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2 * Pass timestamp down to history lines * Timestamp gets updated everytime you inspect an image * bud.bats: use absolute paths in newly-added tests * contrib/cirrus/lib.sh: don't use CN for the hostname * tests: Add some tests * Update manifest add man page * Extend flags of manifest add * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4 * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 * CI: expand cross-compile checks Update to v1.16.2: * fix build on 32bit arches * containerImageRef.NewImageSource(): don't always force timestamps * Add fuse module warning to image readme * Heed our retry delay option values when retrying commit/pull/push * Switch to containers/common for seccomp * Use --timestamp rather then --omit-timestamp * docs: remove outdated notice * docs: remove outdated notice * build-using-dockerfile: add a hidden --log-rusage flag * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 * Discard ReportWriter if user sets options.Quiet * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3 * Fix ownership of content copied using COPY --from * newTarDigester: zero out timestamps in tar headers * Update nix pin with `make nixpkgs` * bud.bats: correct .dockerignore integration tests * Use pipes for copying * run: include stdout in error message * run: use the correct error for errors.Wrapf * copier: un-export internal types * copier: add Mkdir() * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE * docs/buildah-commit.md: tweak some wording, add a --rm example * imagebuildah: don’t blank out destination names when COPYing * Replace retry functions with common/pkg/retry * StageExecutor.historyMatches: compare timestamps using .Equal * Update vendor of containers/common * Fix errors found in coverity scan * Change namespace handling flags to better match podman commands * conformance testing: ignore buildah.BuilderIdentityAnnotation labels * Vendor in containers/storage v1.23.0 * Add buildah.IsContainer interface * Avoid feeding run_buildah to pipe * fix(buildahimage): add xz dependency in buildah image * Bump github.com/containers/common from 0.15.2 to 0.18.0 * Howto for rootless image building from OpenShift * Add --omit-timestamp flag to buildah bud * Update nix pin with `make nixpkgs` * Shutdown storage on failures * Handle COPY --from when an argument is used * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0 * Cirrus: Use newly built VM images * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92 * Enhance the .dockerignore man pages * conformance: add a test for COPY from subdirectory * fix bug manifest inspct * Add documentation for .dockerignore * Add BuilderIdentityAnnotation to identify buildah version * DOC: Add quay.io/containers/buildah image to README.md * Update buildahimages readme * fix spelling mistake in 'info' command result display * Don't bind /etc/host and /etc/resolv.conf if network is not present * blobcache: avoid an unnecessary NewImage() * Build static binary with `buildGoModule` * copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit * tarFilterer: handle multiple archives * Fix a race we hit during conformance tests * Rework conformance testing * Update 02-registries-repositories.md * test-unit: invoke cmd/buildah tests with --flags * parse: fix a type mismatch in a test * Fix compilation of tests/testreport/testreport * build.sh: log the version of Go that we're using * test-unit: increase the test timeout to 40/45 minutes * Add the 'copier' package * Fix & add notes regarding problematic language in codebase * Add dependency on github.com/stretchr/testify/require * CompositeDigester: add the ability to filter tar streams * BATS tests: make more robust * vendor golang.org/x/text@v0.3.3 * Switch golang 1.12 to golang 1.13 * imagebuildah: wait for stages that might not have even started yet * chroot, run: not fail on bind mounts from /sys * chroot: do not use setgroups if it is blocked * Set engine env from containers.conf * imagebuildah: return the right stage's image as the 'final' image * Fix a help string * Deduplicate environment variables * switch containers/libpod to containers/podman * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3 * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0 * Mask out /sys/dev to prevent information leak * linux: skip errors from the runtime kill * Mask over the /sys/fs/selinux in mask branch * Add VFS additional image store to container * tests: add auth tests * Allow 'readonly' as alias to 'ro' in mount options * Ignore OS X specific consistency mount option * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 * Bump github.com/containers/common from 0.14.0 to 0.15.2 * Rootless Buildah should default to IsolationOCIRootless * imagebuildah: fix inheriting multi-stage builds * Make imagebuildah.BuildOptions.Architecture/OS optional * Make imagebuildah.BuildOptions.Jobs optional * Resolve a possible race in imagebuildah.Executor.startStage() * Switch scripts to use containers.conf * Bump openshift/imagebuilder to v1.1.6 * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 * buildah, bud: support --jobs=N for parallel execution * executor: refactor build code inside new function * Add bud regression tests * Cirrus: Fix missing htpasswd in registry img * docs: clarify the 'triples' format * CHANGELOG.md: Fix markdown formatting * Add nix derivation for static builds * Bump to v1.16.0-dev - Update to v1.15.1 * Mask over the /sys/fs/selinux in mask branch * chroot: do not use setgroups if it is blocked * chroot, run: not fail on bind mounts from /sys * Allow 'readonly' as alias to 'ro' in mount options * Add VFS additional image store to container * vendor golang.org/x/text@v0.3.3 * Make imagebuildah.BuildOptions.Architecture/OS optional Update to v1.15.0: * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt * fix lighttpd example * remove dependency on openshift struct * Warn on unset build arguments * vendor: update seccomp/containers-golang to v0.4.1 * Updated docs * clean up comments * update exit code for tests * Implement commit for encryption * implementation of encrypt/decrypt push/pull/bud/from * fix resolve docker image name as transport * Add preliminary profiling support to the CLI * Evaluate symlinks in build context directory * fix error info about get signatures for containerImageSource * Add Security Policy * Cirrus: Fixes from review feedback * imagebuildah: stages shouldn't count as their base images * Update containers/common v0.10.0 * Add registry to buildahimage Dockerfiles * Cirrus: Use pre-installed VM packages + F32 * Cirrus: Re-enable all distro versions * Cirrus: Update to F31 + Use cache images * golangci-lint: Disable gosimple * Lower number of golangci-lint threads * Fix permissions on containers.conf * Don't force tests to use runc * Return exit code from failed containers * cgroup_manager should be under [engine] * Use c/common/pkg/auth in login/logout * Cirrus: Temporarily disable Ubuntu 19 testing * Add containers.conf to stablebyhand build * Update gitignore to exclude test Dockerfiles * Remove warning for systemd inside of container Update to v1.14.6: * Make image history work correctly with new args handling * Don't add args to the RUN environment from the Builder Update to v1.14.5: * Revert FIPS mode change Update to v1.14.4: * Update unshare man page to fix script example * Fix compilation errors on non linux platforms * Preserve volume uid and gid through subsequent commands * Fix potential CVE in tarfile w/ symlink * Fix .dockerignore with globs and ! commands Update to v1.14.2: * Search for local runtime per values in containers.conf * Set correct ownership on working directory * Improve remote manifest retrieval * Correct a couple of incorrect format specifiers * manifest push --format: force an image type, not a list type * run: adjust the order in which elements are added to $ * getDateAndDigestAndSize(): handle creation time not being set * Make the commit id clear like Docker * Show error on copied file above context directory in build * pull/from/commit/push: retry on most failures * Repair buildah so it can use containers.conf on the server side * Fixing formatting & build instructions * Fix XDG_RUNTIME_DIR for authfile * Show validation command-line Update to v1.14.0: * getDateAndDigestAndSize(): use manifest.Digest * Touch up os/arch doc * chroot: handle slightly broken seccomp defaults * buildahimage: specify fuse-overlayfs mount options * parse: don't complain about not being able to rename something to itself * Fix build for 32bit platforms * Allow users to set OS and architecture on bud * Fix COPY in containerfile with envvar * Add --sign-by to bud/commit/push, --remove-signatures for pull/push * Add support for containers.conf * manifest push: add --format option Update to v1.13.1: * copyFileWithTar: close source files at the right time * copy: don't digest files that we ignore * Check for .dockerignore specifically * Don't setup excludes, if their is only one pattern to match * set HOME env to /root on chroot-isolation by default * docs: fix references to containers-*.5 * fix bug Add check .dockerignore COPY file * buildah bud --volume: run from tmpdir, not source dir * Fix imageNamePrefix to give consistent names in buildah-from * cpp: use -traditional and -undef flags * discard outputs coming from onbuild command on buildah-from --quiet * make --format columnizing consistent with buildah images * Fix option handling for volumes in build * Rework overlay pkg for use with libpod * Fix buildahimage builds for buildah * Add support for FIPS-Mode backends * Set the TMPDIR for pulling/pushing image to $TMPDIR Update to v1.12.0: * Allow ADD to use http src * imgtype: reset storage opts if driver overridden * Start using containers/common * overlay.bats typo: fuse-overlays should be fuse-overlayfs * chroot: Unmount with MNT_DETACH instead of UnmountMountpoints() * bind: don't complain about missing mountpoints * imgtype: check earlier for expected manifest type * Add history names support Update to v1.11.6: * Handle missing equal sign in --from and --chown flags for COPY/ADD * bud COPY does not download URL * Fix .dockerignore exclude regression * commit(docker): always set ContainerID and ContainerConfig * Touch up commit man page image parameter * Add builder identity annotations. Update to v1.11.5: * buildah: add 'manifest' command * pkg/supplemented: add a package for grouping images together * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * version: also note the version of containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence 'using cache' to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. Update to v1.11.4: * buildah: add a 'manifest' command * pkg/manifests: add a manifest list build/manipulation API * Update for ErrUnauthorizedForCredentials API change in containers/image * Update for manifest-lists API changes in containers/image * Move to containers/image v5.0.0 * Enable --device directory as src device * Add clarification to the Tutorial for new users * Silence 'using cache' to ensure -q is fully quiet * Move runtime flag to bud from common * Commit: check for storage.ErrImageUnknown using errors.Cause() * Fix crash when invalid COPY --from flag is specified. Update to v1.11.3: * Add cgroups2 * Add support for retrieving context from stdin '-' * Added tutorial on how to include Buildah as library * Fix --build-args handling * Print build 'STEP' line to stdout, not stderr * Use Containerfile by default Update to v1.11.2: * Add some cleanup code * Move devices code to unit specific directory. Update to v1.11.1: * Add --devices flag to bud and from * Add support for /run/.containerenv * Allow mounts.conf entries for equal source and destination paths * Fix label and annotation for 1-line Dockerfiles * Preserve file and directory mount permissions * Replace --debug=false with --log-level=error * Set TMPDIR to /var/tmp by default * Truncate output of too long image names * Ignore EmptyLayer if Squash is set Update to v1.11.0: * Add --digestfile and Re-add push statement as debug * Add --log-level command line option and deprecate --debug * Add security-related volume options to validator * Allow buildah bud to be called without arguments * Allow to override build date with SOURCE_DATE_EPOCH * Correctly detect ExitError values from Run() * Disable empty logrus timestamps to reduce logger noise * Fix directory pull image names * Fix handling of /dev/null masked devices * Fix possible runtime panic on bud * Update bud/from help to contain indicator for --dns=none * Update documentation about bud * Update shebangs to take env into consideration * Use content digests in ADD/COPY history entries * add support for cgroupsV2 * add: add a DryRun flag to AddAndCopyOptions * add: handle hard links when copying with .dockerignore * add: teach copyFileWithTar() about symlinks and directories * imagebuilder: fix detection of referenced stage roots * pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES * run_linux: fix mounting /sys in a userns Update to v1.10.1: * Add automatic apparmor tag discovery * Add overlayfs to fuse-overlayfs tip * Bug fix for volume minus syntax * Bump container/storage v1.13.1 and containers/image v3.0.1 * Bump containers/image to v3.0.2 to fix keyring issue * Fix bug whereby --get-login has no effect * Bump github.com/containernetworking/cni to v0.7.1 - Add appamor-pattern requirement - Update build process to match the latest repository architecture - Update to v1.10.0 * vendor github.com/containers/image@v3.0.0 * Remove GO111MODULE in favor of -mod=vendor * Vendor in containers/storage v1.12.16 * Add '-' minus syntax for removal of config values * tests: enable overlay tests for rootless * rootless, overlay: use fuse-overlayfs * vendor github.com/containers/image@v2.0.1 * Added '-' syntax to remove volume config option * delete successfully pushed message * Add golint linter and apply fixes * vendor github.com/containers/storage@v1.12.15 * Change wait to sleep in buildahimage readme * Handle ReadOnly images when deleting images * Add support for listing read/only images * from/import: record the base image's digest, if it has one * Fix CNI version retrieval to not require network connection * Add misspell linter and apply fixes * Add goimports linter and apply fixes * Add stylecheck linter and apply fixes * Add unconvert linter and apply fixes * image: make sure we don't try to use zstd compression * run.bats: skip the 'z' flag when testing --mount * Update to runc v1.0.0-rc8 * Update to match updated runtime-tools API * bump github.com/opencontainers/runtime-tools to v0.9.0 * Build e2e tests using the proper build tags * Add unparam linter and apply fixes * Run: correct a typo in the --cap-add help text * unshare: add a --mount flag * fix push check image name is not empty * add: fix slow copy with no excludes * Add errcheck linter and fix missing error check * Improve tests/tools/Makefile parallelism and abstraction * Fix response body not closed resource leak * Switch to golangci-lint * Add gomod instructions and mailing list links * On Masked path, check if /dev/null already mounted before mounting * Update to containers/storage v1.12.13 * Refactor code in package imagebuildah * Add rootless podman with NFS issue in documentation * Add --mount for buildah run * import method ValidateVolumeOpts from libpod * Fix typo * Makefile: set GO111MODULE=off * rootless: add the built-in slirp DNS server * Update docker/libnetwork to get rid of outdated sctp package * Update buildah-login.md * migrate to go modules * install.md: mention go modules * tests/tools: go module for test binaries * fix --volume splits comma delimited option * Add bud test for RUN with a priv'd command * vendor logrus v1.4.2 * pkg/cli: panic when flags can't be hidden * pkg/unshare: check all errors * pull: check error during report write * run_linux.go: ignore unchecked errors * conformance test: catch copy error * chroot/run_test.go: export funcs to actually be executed * tests/imgtype: ignore error when shutting down the store * testreport: check json error * bind/util.go: remove unused func * rm chroot/util.go * imagebuildah: remove unused dedupeStringSlice * StageExecutor: EnsureContainerPath: catch error from SecureJoin() * imagebuildah/build.go: return instead of branching * rmi: avoid redundant branching * conformance tests: nilness: allocate map * imagebuildah/build.go: avoid redundant filepath.Join() * imagebuildah/build.go: avoid redundant os.Stat() * imagebuildah: omit comparison to bool * fix 'ineffectual assignment' lint errors * docker: ignore 'repeats json tag' lint error * pkg/unshare: use ... instead of iterating a slice * conformance: bud test: use raw strings for regexes * conformance suite: remove unused func/var * buildah test suite: remove unused vars/funcs * testreport: fix golangci-lint errors * util: remove redundant return statement * chroot: only log clean-up errors * images_test: ignore golangci-lint error * blobcache: log error when draining the pipe * imagebuildah: check errors in deferred calls * chroot: fix error handling in deferred funcs * cmd: check all errors * chroot/run_test.go: check errors * chroot/run.go: check errors in deferred calls * imagebuildah.Executor: remove unused onbuild field * docker/types.go: remove unused struct fields * util: use strings.ContainsRune instead of index check * Cirrus: Initial implementation * buildah-run: fix-out-of-range panic (2) * Update containers/image to v2.0.0 * run: fix hang with run and --isolation=chroot * run: fix hang when using run * chroot: drop unused function call * remove --> before imgageID on build * Always close stdin pipe * Write deny to setgroups when doing single user mapping * Avoid including linux/memfd.h * Add a test for the symlink pointing to a directory * Add missing continue * Fix the handling of symlinks to absolute paths * Only set default network sysctls if not rootless * Support --dns=none like podman * fix bug --cpu-shares parsing typo * Fix validate complaint * Update vendor on containers/storage to v1.12.10 * Create directory paths for COPY thereby ensuring correct perms * imagebuildah: use a stable sort for comparing build args * imagebuildah: tighten up cache checking * bud.bats: add a test verying the order of --build-args * add -t to podman run * imagebuildah: simplify screening by top layers * imagebuildah: handle ID mappings for COPY --from * imagebuildah: apply additionalTags ourselves * bud.bats: test additional tags with cached images * bud.bats: add a test for WORKDIR and COPY with absolute destinations * Cleanup Overlay Mounts content * Add support for file secret mounts * Add ability to skip secrets in mounts file * allow 32bit builds * fix tutorial instructions * imagebuilder: pass the right contextDir to Add() * add: use fileutils.PatternMatcher for .dockerignore * bud.bats: add another .dockerignore test * unshare: fallback to single usermapping * addHelperSymlink: clear the destination on os.IsExist errors * bud.bats: test replacing symbolic links * imagebuildah: fix handling of destinations that end with '/' * bud.bats: test COPY with a final '/' in the destination * linux: add check for sysctl before using it * unshare: set _CONTAINERS_ROOTLESS_GID * Rework buildahimamges * build context: support https git repos * Add a test for ENV special chars behaviour * Check in new Dockerfiles * Apply custom SHELL during build time * config: expand variables only at the command line * SetEnv: we only need to expand v once * Add default /root if empty on chroot iso * Add support for Overlay volumes into the container. * Export buildah validate volume functions so it can share code with libpod * Bump baseline test to F30 * Fix rootless handling of /dev/shm size * Avoid fmt.Printf() in the library * imagebuildah: tighten cache checking back up * Handle WORKDIR with dangling target * Default Authfile to proper path * Make buildah run --isolation follow BUILDAH_ISOLATION environment * Vendor in latest containers/storage and containers/image * getParent/getChildren: handle layerless images * imagebuildah: recognize cache images for layerless images * bud.bats: test scratch images with --layers caching * Get CHANGELOG.md updates * Add some symlinks to test our .dockerignore logic * imagebuildah: addHelper: handle symbolic links * commit/push: use an everything-allowed policy * Correct manpage formatting in files section * Remove must be root statement from buildah doc * Change image names to stable, testing and upstream * Don't create directory on container * Replace kubernetes/pause in tests with k8s.gcr.io/pause * imagebuildah: don't remove intermediate images if we need them * Rework buildahimagegit to buildahimageupstream * Fix Transient Mounts * Handle WORKDIRs that are symlinks * allow podman to build a client for windows * Touch up 1.9-dev to 1.9.0-dev * Resolve symlink when checking container path * commit: commit on every instruction, but not always with layers * CommitOptions: drop the unused OnBuild field * makeImageRef: pass in the whole CommitOptions structure * cmd: API cleanup: stores before images * run: check if SELinux is enabled * Fix buildahimages Dockerfiles to include support for additionalimages mounted from host. * Detect changes in rootdir * Fix typo in buildah-pull(1) * Vendor in latest containers/storage * Keep track of any build-args used during buildah bud --layers * commit: always set a parent ID * imagebuildah: rework unused-argument detection * fix bug dest path when COPY .dockerignore * Move Host IDMAppings code from util to unshare * Add BUILDAH_ISOLATION rootless back * Travis CI: fail fast, upon error in any step * imagebuildah: only commit images for intermediate stages if we have to * Use errors.Cause() when checking for IsNotExist errors * auto pass http_proxy to container * imagebuildah: don't leak image structs * Add Dockerfiles for buildahimages * Bump to Replace golang 1.10 with 1.12 * add --dns* flags to buildah bud * Add hack/build_speed.sh test speeds on building container images * Create buildahimage Dockerfile for Quay * rename 'is' to 'expect_output' * squash.bats: test squashing in multi-layered builds * bud.bats: test COPY --from in a Dockerfile while using the cache * commit: make target image names optional * Fix bud-args to allow comma separation * oops, missed some tests in commit.bats * new helper: expect_line_count * New tests for #1467 (string slices in cmdline opts) * Workarounds for dealing with travis; review feedback * BATS tests - extensive but minor cleanup * imagebuildah: defer pulling images for COPY --from * imagebuildah: centralize COMMIT and image ID output * Travis: do not use traviswait * imagebuildah: only initialize imagebuilder configuration once per stage * Make cleaner error on Dockerfile build errors * unshare: move to pkg/ * unshare: move some code from cmd/buildah/unshare * Fix handling of Slices versus Arrays * imagebuildah: reorganize stage and per-stage logic * imagebuildah: add empty layers for instructions * Add missing step in installing into Ubuntu * fix bug in .dockerignore support * imagebuildah: deduplicate prepended 'FROM' instructions * Touch up intro * commit: set created-by to the shell if it isn't set * commit: check that we always set a 'created-by' * docs/buildah.md: add 'containers-' prefixes under 'SEE ALSO' Update to v1.7.2 * Updates vendored containers/storage to latest version * rootless: by default use the host network namespace - Full changelog: https://github.com/containers/buildah/releases/tag/v1.6 This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1165184 SUSE bug 1167864 CVE-2019-10214 CVE-2020-10696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark fixes the following issues: - wireshark was updated to 3.2.8: - CVE-2020-26575: Fixed an issue where FBZERO dissector was entering in infinite loop (bsc#1177406) - CVE-2020-28030: Fixed an issue where GQUIC dissector was crashing (bsc#1178291) * Infinite memory allocation while parsing this tcp packet This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177406 SUSE bug 1178291 CVE-2020-26575 CVE-2020-28030 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for fontforge fixes the following issues: - fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160220 SUSE bug 1178308 CVE-2020-25690 CVE-2020-5395 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1130103 SUSE bug 1178083 CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for neomutt fixes the following issues: Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896. * Security - imap: close connection on all failures * Features - alias: add function to Alias/Query dialogs - config: add validators for {imap,smtp,pop}_authenticators - config: warn when signature file is missing or not readable - smtp: support for native SMTP LOGIN auth mech - notmuch: show originating folder in index * Bug Fixes - sidebar: prevent the divider colour bleeding out - sidebar: fix <sidebar-{next,prev}-new> - notmuch: fix query for current email - restore shutdown-hook functionality - crash in reply-to - user-after-free in folder-hook - fix some leaks - fix application of limits to modified mailboxes - write Date header when postponing * Translations - 100% Lithuanian - 100% Czech - 70% Turkish * Docs - Document that $sort_alias affects the query menu * Build - improve ASAN flags - add SASL and S/MIME to --everything - fix contrib (un)install * Code - my_hdr compose screen notifications - add contracts to the MXAPI - maildir refactoring - further reduce the use of global variables * Upstream - Add $count_alternatives to count attachments inside alternatives - Changes from 20200925 * Features - Compose: display user-defined headers - Address Book / Query: live sorting - Address Book / Query: patterns for searching - Config: Add '+=' and '-=' operators for String Lists - Config: Add '+=' operator for Strings - Allow postfix query ':setenv NAME?' for env vars * Bug Fixes - Fix crash when searching with invalid regexes - Compose: Prevent infinite loop of send2-hooks - Fix sidebar on new/removed mailboxes - Restore indentation for named mailboxes - Prevent half-parsing an alias - Remove folder creation prompt for POP path - Show error if $message_cachedir doesn't point to a valid directory - Fix tracking LastDir in case of IMAP paths with Unicode characters - Make sure all mail gets applied the index limit - Add warnings to -Q query CLI option - Fix index tracking functionality * Changed Config - Add $compose_show_user_headers (yes) * Translations - 100% Czech - 100% Lithuanian - Split up usage strings * Build - Run shellcheck on hcachever.sh - Add the Address Sanitizer - Move compose files to lib under compose/ - Move address config into libaddress - Update to latest acutest - fixes a memory leak in the unit tests * Code - Implement ARRAY API - Deglobalised the Config Sort functions - Refactor the Sidebar to be Event-Driven - Refactor the Color Event - Refactor the Commands list - Make ctx_update_tables private - Reduce the scope/deps of some Validator functions - Use the Email's IMAP UID instead of an increasing number as index - debug: log window focus - Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch. No longer needed. - Update to 20200821: * Bug Fixes - fix maildir flag generation - fix query notmuch if file is missing - notmuch: don't abort sync on error - fix type checking for send config variables * Changed Config - $sidebar_format - Use %D rather than %B for named mailboxes * Translations - 96% Lithuanian - 90% Polish - fix(sidebar): abbreviate/shorten what user sees - Fix sidebar mailbox name display problem. - Update to 20200814: * Notes - Add one-liner docs to config items See: neomutt -O -Q smart_wrap - Remove the built-in editor A large unused and unusable feature * Security - Add mitigation against DoS from thousands of parts boo#1179113 * Features - Allow index-style searching in postpone menu - Open NeoMutt using a mailbox name - Add cd command to change the current working directory - Add tab-completion menu for patterns - Allow renaming existing mailboxes - Check for missing attachments in alternative parts - Add one-liner docs to config items * Bug Fixes - Fix logic in checking an empty From address - Fix Imap crash in cmd_parse_expunge() - Fix setting attributes with S-Lang - Fix: redrawing of $pager_index_lines - Fix progress percentage for syncing large mboxes - Fix sidebar drawing in presence of indentation + named mailboxes - Fix retrieval of drafts when 'postponed' is not in the mailboxes list - Do not add comments to address group terminators - Fix alias sorting for degenerate addresses - Fix attaching emails - Create directories for nonexistent file hcache case - Avoid creating mailboxes for failed subscribes - Fix crash if rejecting cert * Changed Config - Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed - Change default of $crypt_protected_headers_subject to '...' - Add default keybindings to history-up/down * Translations - 100% Czech - 100% Spanish * Build - Allow building against Lua 5.4 - Fix when sqlite3.h is missing * Docs - Add a brief section on stty to the manual - Update section 'Terminal Keybindings' in the manual - Clarify PGP Pseudo-header S<id> duration * Code - Clean up String API - Make the Sidebar more independent - De-centralise the Config Variables - Refactor dialogs - Refactor: Help Bar generation - Make more APIs Context-free - Adjust the edata use in Maildir and Notmuch - Window refactoring - Convert libsend to use Config functions - Refactor notifications to reduce noise - Convert Keymaps to use STAILQ - Track currently selected email by msgid - Config: no backing global variable - Add events for key binding * Upstream - Fix imap postponed mailbox use-after-free error - Speed up thread sort when many long threads exist - Fix ~v tagging when switching to non-threaded sorting - Add message/global to the list of known 'message' types - Print progress meter when copying/saving tagged messages - Remove ansi formatting from autoview generated quoted replies - Change postpone mode to write Date header too - Unstuff format=flowed - Update to 20200626: * Bug Fixes - Avoid opening the same hcache file twice - Re-open Mailbox after folder-hook - Fix the matching of the spoolfile Mailbox - Fix link-thread to link all tagged emails * Changed Config - Add $tunnel_is_secure config, defaulting to true * Upstream - Don't check IMAP PREAUTH encryption if $tunnel is in use - Add recommendation to use $ssl_force_tls - Changes from 20200501: * Security - Abort GnuTLS certificate check if a cert in the chain is rejected CVE-2020-14154 boo#1172906 - TLS: clear data after a starttls acknowledgement CVE-2020-14954 boo#1173197 - Prevent possible IMAP MITM via PREAUTH response CVE-2020-14093 boo#1172935 * Features - add config operations +=/-= for number,long - Address book has a comment field - Query menu has a comment field * Contrib sample.neomuttrc-starter: Do not echo prompted password * Bug Fixes - make 'news://' and 'nntp://' schemes interchangeable - Fix CRLF to LF conversion in base64 decoding - Double comma in query - compose: fix redraw after history - Crash inside empty query menu - mmdf: fix creating new mailbox - mh: fix creating new mailbox - mbox: error out when an mbox/mmdf is a pipe - Fix list-reply by correct parsing of List-Post headers - Decode references according to RFC2047 - fix tagged message count - hcache: fix keylen not being considered when building the full key - sidebar: fix path comparison - Don't mess with the original pattern when running IMAP searches - Handle IMAP 'NO' resps by issuing a msg instead of failing badly - imap: use the connection delimiter if provided - Memory leaks * Changed Config - $alias_format default changed to include %c comment - $query_format default changed to include %e extra info * Translations - 100% Lithuanian - 84% French - Log the translation in use * Docs - Add missing commands unbind, unmacro to man pages * Build - Check size of long using LONG_MAX instead of __WORDSIZE - Allow ./configure to not record cflags - fix out-of-tree build - Avoid locating gdbm symbols in qdbm library * Code - Refactor unsafe TAILQ returns - add window notifications - flip negative ifs - Update to latest acutest.h - test: add store tests - test: add compression tests - graphviz: email - make more opcode info available - refactor: main_change_folder() - refactor: mutt_mailbox_next() - refactor: generate_body() - compress: add {min,max}_level to ComprOps - emphasise empty loops: '// do nothing' - prex: convert is_from() to use regex - Refactor IMAP's search routines - Update to 20200501: * Bug Fixes - Make sure buffers are initialized on error - fix(sidebar): use abbreviated path if possible * Translations - 100% Lithuanian * Docs - make header cache config more explicit - Changes from 20200424: * Bug Fixes - Fix history corruption - Handle pretty much anything in a URL query part - Correctly parse escaped characters in header phrases - Fix crash reading received header - Fix sidebar indentation - Avoid crashing on failure to parse an IMAP mailbox - Maildir: handle deleted emails correctly - Ensure OP_NULL is always first * Translations - 100% Czech * Build - cirrus: enable pcre2, make pkgconf a special case - Fix finding pcre2 w/o pkgconf - build: tdb.h needs size_t, bring it in with stddef.h - Changes from 20200417: * Features - Fluid layout for Compose Screen, see: vimeo.com/407231157 - Trivial Database (TDB) header cache backend - RocksDB header cache backend - Add <sidebar-first> and <sidebar-last> functions * Bug Fixes - add error for CLI empty emails - Allow spaces and square brackets in paths - browser: fix hidden mailboxes - fix initial email display - notmuch: fix time window search. - fix resize bugs - notmuch: fix entire-thread: update current email pointer - sidebar: support indenting and shortening of names - Handle variables inside backticks in sidebar_whitelist - browser: fix mask regex error reporting * Translations - 100% Lithuanian - 99% Chinese (simplified) * Build - Use regexes for common parsing tasks: urls, dates - Add configure option --pcre2 -- Enable PCRE2 regular expressions - Add configure option --tdb -- Use TDB for the header cache - Add configure option --rocksdb -- Use RocksDB for the header cache - Create libstore (key/value backends) - Update to latest autosetup - Update to latest acutest.h - Rename doc/ directory to docs/ - make: fix location of .Po dependency files - Change libcompress to be more universal - Fix test fails on х32 - fix uidvalidity to unsigned 32-bit int * Code - Increase test coverage - Fix memory leaks - Fix null checks * Upstream - Buffer refactoring - Fix use-after-free in mutt_str_replace() - Clarify PGP Pseudo-header S<id> duration - Try to respect MUTT_QUIET for IMAP contexts too - Limit recurse depth when parsing mime messages - Update to 20200320: * Bug Fixes - Fix COLUMNS env var - Fix sync after delete - Fix crash in notmuch - Fix sidebar indent - Fix emptying trash - Fix command line sending - Fix reading large address lists - Resolve symlinks only when necessary * Translations - lithuania 100% Lithuanian - es 96% Spanish * Docs - Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output - Fix case of GPGME and SQLite * Build - Create libcompress (lz4, zlib, zstd) - Create libhistory - Create libbcache - Move zstrm to libconn * Code - Add more test coverage - Rename magic to type - Use mutt_file_fopen() on config variables - Change commands to use intptr_t for data - Update to 20200313: * Window layout - Sidebar is only visible when it's usable. * Features - UI: add number of old messages to sidebar_format - UI: support ISO 8601 calendar date - UI: fix commands that don’t need to have a non-empty mailbox to be valid - PGP: inform about successful decryption of inline PGP messages - PGP: try to infer the signing key from the From address - PGP: enable GPGMe by default - Notmuch: use query as name for vfolder-from-query - IMAP: add network traffic compression (COMPRESS=DEFLATE, RFC4978) - Header cache: add support for generic header cache compression * Bug Fixes - Fix uncollapse_jump - Only try to perform entire-thread on maildir/mh mailboxes - Fix crash in pager - Avoid logging single new lines at the end of header fields - Fix listing mailboxes - Do not recurse a non-threaded message - Fix initial window order - Fix leaks on IMAP error paths - Notmuch: compose(attach-message): support notmuch backend - Fix IMAP flag comparison code - Fix $move for IMAP mailboxes - Maildir: maildir_mbox_check_stats should only update mailbox stats if requested - Fix unmailboxes for virtual mailboxes - Maildir: sanitize filename before hashing - OAuth: if 'login' name isn't available use 'user' - Add error message on failed encryption - Fix a bunch of crashes - Force C locale for email date - Abort if run without a terminal * Changed Config - $crypt_use_gpgme - Now defaults to 'yes' (enabled) - $abort_backspace - Hitting backspace against an empty prompt aborts the prompt - $abort_key - String representation of key to abort prompts - $arrow_string - Use an custom string for arrow_cursor - $crypt_opportunistic_encrypt_strong_keys - Enable encryption only when strong a key is available - $header_cache_compress_dictionary - Filepath to dictionary for zstd compression - $header_cache_compress_level - Level of compression for method - $header_cache_compress_method - Enable generic hcache database compression - $imap_deflate - Compress network traffic - $smtp_user - Username for the SMTP server * Translations - 100% Lithuanian - 81% Spanish - 78% Russian * Build - Add libdebug - Rename public headers to lib.h - Create libcompress for compressed folders code * Code - Refactor Windows and Dialogs - Lots of code tidying - Refactor: mutt_addrlist_{search,write} - Lots of improvements to the Config code - Use Buffers more pervasively - Unify API function naming - Rename library shared headers - Refactor libconn gui dependencies - Refactor: init.[ch] - Refactor config to use subsets - Config: add path type - Remove backend deps from the connection code * Upstream - Allow ~b ~B ~h patterns in send2-hook - Rename smime oppenc mode parameter to get_keys_by_addr() - Add $crypt_opportunistic_encrypt_strong_keys config var - Fix crash when polling a closed ssl connection - Turn off auto-clear outside of autocrypt initialization - Add protected-headers='v1' to Content-Type when protecting headers - Fix segv in IMAP postponed menu caused by reopen_allow - Adding ISO 8601 calendar date - Fix $fcc_attach to not prompt in batch mode - Convert remaining mutt_encode_path() call to use struct Buffer - Fix rendering of replacement_char when Charset_is_utf8 - Update to latest acutest.h - Update to 20191207: * Features: - compose: draw status bar with highlights * Bug Fixes: - crash opening notmuch mailbox - crash in mutt_autocrypt_ui_recommendation - Avoid negative allocation - Mbox new mail - Setting of DT_MAILBOX type variables from Lua - imap: empty cmdbuf before connecting - imap: select the mailbox on reconnect - compose: fix attach message * Build: - make files conditional * Code: - enum-ify log levels - fix function prototypes - refactor virtual email lookups - factor out global Context - Changes from 20191129: * Features: - Add raw mailsize expando (%cr) * Bug Fixes: - Avoid double question marks in bounce confirmation msg - Fix bounce confirmation - fix new-mail flags and behaviour - fix: browser <descend-directory> - fix ssl crash - fix move to trash - fix flickering - Do not check hidden mailboxes for new mail - Fix new_mail_command notifications - fix crash in examine_mailboxes() - fix crash in mutt_sort_threads() - fix: crash after sending - Fix crash in tunnel's conn_close - fix fcc for deep dirs - imap: fix crash when new mail arrives - fix colour 'quoted9' - quieten messages on exit - fix: crash after failed mbox_check - browser: default to a file/dir view when attaching a file * Changed Config: - Change $write_bcc to default off * Docs: - Add a bit more documentation about sending - Clarify $write_bcc documentation. - Update documentation for raw size expando - docbook: set generate.consistent.ids to make generated html reproducible * Build: - fix build/tests for 32-bit arches - tests: fix test that would fail soon - tests: fix context for failing idna tests - Update to 20191111: Bug fixes: * browser: fix directory view * fix crash in mutt_extract_token() * force a screen refresh * fix crash sending message from command line * notmuch: use nm_default_uri if no mailbox data * fix forward attachments * fix: vfprintf undefined behaviour in body_handler * Fix relative symlink resolution * fix: trash to non-existent file/dir * fix re-opening of mbox Mailboxes * close logging as late as possible * log unknown mailboxes * fix crash in command line postpone * fix memory leaks * fix icommand parsing * fix new mail interaction with mail_check_recent Moderate SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 SUSE bug 1179035 SUSE bug 1179113 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179035 SUSE bug 1179113 CVE-2020-28896 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pcp fixes the following issues: Security issue fixed: - CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763). Non-security issue fixed: - Fixed an dependency issue with pcp2csv (bsc#1129991). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1129991 SUSE bug 1152763 SUSE bug 1153921 CVE-2019-3695 CVE-2019-3696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.4.2 MFSA 2020-49 (bsc#1178611) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for - Mozilla Thunderbird 78.4.1 * new: Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses (bmo#84028) * fixed: Searching global search results did not work (bmo#1664761) * fixed: Link location was not focused by default when adding a hyperlink in message composer (bmo#1670660) * fixed: Advanced address book search dialog was unusable (bmo#1668147) * fixed: Encrypted draft reply emails lost 'Re:' prefix (bmo#1661510) * fixed: Replying to a newsgroup message did not open the compose window (bmo#1672667) * fixed: Unable to delete multiple newsgroup messages (bmo#1657988) * fixed: Appmenu displayed visual glitches (bmo#1636243) * fixed: Visual glitches when selecting multiple messages in the message pane and using Ctrl+click (bmo#1671800) * fixed: Switching between dark and light mode could lead to unreadable text on macOS (bmo#1668989) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178611 CVE-2020-26950 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1114828 SUSE bug 1116600 SUSE bug 1159548 CVE-2018-16471 CVE-2019-16782 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb and mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1175596 SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 [Mac] Vertical spacing of sidebar items incorrect - DNA-89698 [Mac] text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer - DNA-89779 Implement multi-window behavior for pinned Player - DNA-89924 Music continue to play after the disabling Player from Sidebar - DNA-89994 Fix progress bar shape and color - DNA-89995 Fix font sizes, weights and colors of text in control panel - DNA-90010 Payment Methods in Settings mention Google account - DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController window:willPositionSheet:usingRect:] - DNA-90025 Player stays in the autopause after reloading panel – part 2 - DNA-90096 Sidebar click stat not collected for Player - DNA-90143 Adding a stat for Player sidebar clicks to the Avro schema - Update to version 72.0.3815.378 - CHR-8192 Update chromium on desktop-stable-86-3815 to 86.0.4240.198 - DNA-86550 XHRUint8Array test time out - DNA-88631 Unintended volume drop - DNA-88708 [Snap] Inproper area snapped - DNA-88726 [Mac] Overlay ‘pause’ icon when Opera auto-pauses the Player - DNA-88903 Detach video button should not be visible - DNA-88938 Make home page reflect service configuration - DNA-88943 Learn more link on home page doesnt work - DNA-88944 Apple Music service slow to open - DNA-88948 Fetch audio focus request id from MediaSession - DNA-88949 Detach video button missing - DNA-88966 No accessiblity titles for services icons in home page - DNA-88967 Investigate creating a single BrowserSidebarModel instance - DNA-88995 Overlay “pause” is displayed when it shouldn’t - DNA-89017 Error when signing out of YouTube Music - DNA-89054 Audio is not resumed when muting audio in tab - DNA-89094 DCHECK when pressing Reload button - DNA-89095 Manage service data through PlayerService - DNA-89100 [Player] Crash – many scenarios - DNA-89187 Reload button doesn’t work properly - DNA-89189 Update icons and buttons - DNA-89217 Enable #player-service on developer stream - DNA-89220 SidebarCarouselTests.* failing - DNA-89230 Crash at v8::Context::Enter() - DNA-89244 Define default widths per service - DNA-89245 Improve Spotify logo layout in home page buttons - DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews ::UpdatePlayerService() - DNA-89278 [Sidebar] No notification for downloads and workspaces - DNA-89285 [Engine] Unable to launch skype with Opera - DNA-89292 Do not block page loads waiting for sitecheck data - DNA-89316 Should be able to navigate directly to playerServices section in settings - DNA-89339 Make popup appear with tooltip-like behavior - DNA-89340 Implement control panel looks in light and dark mode - DNA-89341 Make the control panel buttons work - DNA-89342 Add support for the DNA to the rollout system - DNA-89344 Show Music Service icon in the control panel - DNA-89360 Make ‘Settings’ menu entry go to settings - DNA-89366 Make opera://feedback/babe attachable by the webdriver - DNA-89419 Crash at base::Value::GetAsDictionary (base::DictionaryValue const**) const - DNA-89469 Autopause does not work - DNA-89477 Do not wait with starting the player if the interrupting session is short - DNA-89480 Crash when hovering player panel - DNA-89484 Crash at base::internal::CheckedObserverAdapter ::IsMarkedForRemoval() - DNA-89489 Put control panel behind feature flag - DNA-89514 Implement feedback button for Player - DNA-89516 Do not auto-pause the Player when there is no sound - DNA-89553 Make the control panel show current song - DNA-89557 No accessibility title for rating and close buttons inside feedback dialog - DNA-89561 Make the control panel show artwork that represents current track - DNA-89575 Handle longer track and artist names - DNA-89577 Make progress bar work correctly - DNA-89630 Controler pop-up is too high (and service logo too) - DNA-89634 Panel width is reset when it shouldn’t - DNA-89654 Request higher resolution images for HiDPI - DNA-89655 Enable #player-service-control-panel on Developer stream - DNA-89671 No accessiblity titles for control panel elements - DNA-89672 String change “A world of music…” - DNA-89679 Player — don’t show control panel when Player in sidebar is opened - DNA-89722 Album cover arts are not visible - DNA-89766 Address bar does not respond to actions - DNA-89776 Control panel does not disappear after hovering elsewhere - DNA-89778 Implement multi-window behavior when no Player is pinned - DNA-89795 Player is enable after Opera restart (when in Settings was turned off) - DNA-89803 Artwork is cropped to the right - DNA-89812 Sidebar panel should hide when toggle between windows - DNA-89820 Incorrect music services for Philippines - DNA-89846 Do not show the control panel if there is nothing to show - DNA-89878 Clarify notification dot for messengers - DNA-89901 [Mac][Player] Zombie crash at exit - DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews ::LoadPlayerServiceURL() - DNA-89964 Player stays in the autopause after reloading panel - DNA-89971 Multi window behaviour is not respected anymore - DNA-89976 Disallow docking for Player - DNA-89986 Enable #player-service and #player-service-control-panel on all streams - DNA-90006 Change services order in RU/UA/BY - The update to chromium 86.0.4240.198 fixes following issues: CVE-2020-16013, CVE-2020-16017 Important CVE-2020-16013 CVE-2020-16017 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-pip fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 * new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950) * new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822) * new: MailExtensions: Menus API now available on displayed messages (bmo#1670825) * changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407) * fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851) * fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285) * fixed: Chat: New chat contact menu item did not function (bmo#1663321) * fixed: Various theme and usability improvements (bmo#1673861) * fixed: Various security fixes MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5 - Mozilla Thunderbird 78.4.3 * fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282) * fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178894 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179441 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160452 CVE-2019-19921 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1176262 SUSE bug 1179193 CVE-2019-20916 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429). - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666). - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971). - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140). - CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107). - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589). The following non-security bugs were fixed: - ACPI: GED: fix -Wformat (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - KVM host: kabi fixes for psci_version (bsc#1174726). - KVM: arm64: Add missing #include of &lt;linux/string.h> in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - arm64: KVM: Fix system register enumeration (bsc#1174726). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs. - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: remove bogus debug code (bsc#1179427). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - fuse: fix page dereference after free (bsc#1179213). - hv_balloon: disable warning when floor reached (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - igc: Fix returning wrong statistics (bsc#1118657). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI workaround for usermodehelper changes (bsc#1179406). - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: serial: imx: keep console clocks always on (git-fixes). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). Important SUSE bug 1050242 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1056653 SUSE bug 1056657 SUSE bug 1056787 SUSE bug 1064802 SUSE bug 1066129 SUSE bug 1103990 SUSE bug 1103992 SUSE bug 1104389 SUSE bug 1104393 SUSE bug 1109837 SUSE bug 1110096 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112374 SUSE bug 1118657 SUSE bug 1122971 SUSE bug 1136460 SUSE bug 1136461 SUSE bug 1158775 SUSE bug 1170139 SUSE bug 1172542 SUSE bug 1174726 SUSE bug 1174852 SUSE bug 1175916 SUSE bug 1176109 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1177805 SUSE bug 1177808 SUSE bug 1178589 SUSE bug 1178635 SUSE bug 1178669 SUSE bug 1178897 SUSE bug 1178940 SUSE bug 1178962 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179211 SUSE bug 1179213 SUSE bug 1179259 SUSE bug 1179403 SUSE bug 1179406 SUSE bug 1179418 SUSE bug 1179421 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179429 CVE-2018-20669 CVE-2020-15436 CVE-2020-15437 CVE-2020-27777 CVE-2020-28974 CVE-2020-29371 CVE-2020-4788 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 (boo#1179447) - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow negative HTTP chunk lengths. [CVE-2020-28926] - Validate SUBSCRIBE callback URL. [CVE-2020-12695] - Fixed spurious warnings with ogg coverart - Fixed an issue with VLC where browse results would be truncated. - Fixed bookmarks on Samsung Q series - Added DSD file support. - Fixed potential stack smash vulnerability in getsyshwaddr on macOS. - Will now reload the log file on SIGHUP. - Worked around bad SearchCriteria from the Control4 Android app. - Increased max supported network addresses to 8. - Added forced alphasort capability. - Added episode season and number metadata support. - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option. - Fixed discovery when connected to certain WiFi routers. - Added FreeBSD kqueue support. - Added the ability to set the group to run as. Moderate SUSE bug 1179447 CVE-2020-12695 CVE-2020-28926 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pngcheck fixes the following issues: - CVE-2020-27818: Fixed a global buffer overflow in check_chunk_name function via crafted pngfile (boo#1179528). Moderate SUSE bug 1179528 CVE-2020-27818 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1148987 SUSE bug 1155338 SUSE bug 1155339 CVE-2019-13627 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes (boo#1162766) - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled (boo#1162775) - NC-SA-2019-015, CVE-2019-15624: Improper Input Validation allowed group admins to create users with IDs of system folders (boo#1162776) - NC-SA-2019-012, CVE-2020-8119: Improper authorization caused leaking of previews and files when a file-drop share link is opened via the gallery app (boo#1162781) - NC-SA-2019-014, CVE-2020-8118: An authenticated server-side request forgery allowed to detect local and remote services when adding a new subscription in the calendar application (boo#1162782) - NC-SA-2020-012, CVE-2019-15621: Improper permissions preservation causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link (boo#1162784) - To many changes. For detail see: https://nextcloud.com/changelog/ nextcloud was updated to 13.0.12: - Fix NC-SA-2020-001 - To many changes. For detail see: https://nextcloud.com/changelog/ Moderate SUSE bug 1162766 SUSE bug 1162775 SUSE bug 1162776 SUSE bug 1162781 SUSE bug 1162782 SUSE bug 1162784 CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to 87.0.4280.88 boo#1179576 - CVE-2020-16037: Use after free in clipboard - CVE-2020-16038: Use after free in media - CVE-2020-16039: Use after free in extensions - CVE-2020-16040: Insufficient data validation in V8 - CVE-2020-16041: Out of bounds read in networking - CVE-2020-16042: Uninitialized Use in V8 Important SUSE bug 1179576 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hostapd fixes the following issues: hostapd was updated to version 2.9: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into 'STA <addr>' control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL Update to version 2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only group 19 (i.e., disable groups 20, 21, 25, 26 from default configuration) and disable all unsuitable groups completely based on REVmd changes - improved anti-clogging token mechanism and SAE authentication frame processing during heavy CPU load; this mitigates some issues with potential DoS attacks trying to flood an AP with large number of SAE messages - added Finite Cyclic Group field in status code 77 responses - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) - fixed confirm message validation in error cases [https://w1.fi/security/2019-3/] (CVE-2019-9496) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify peer scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * Hotspot 2.0 changes - added support for release number 3 - reject release 2 or newer association without PMF * added support for RSN operating channel validation (CONFIG_OCV=y and configuration parameter ocv=1) * added Multi-AP protocol support * added FTM responder configuration * fixed build with LibreSSL * added FT/RRB workaround for short Ethernet frame padding * fixed KEK2 derivation for FILS+FT * added RSSI-based association rejection from OCE * extended beacon reporting functionality * VLAN changes - allow local VLAN management with remote RADIUS authentication - add WPA/WPA2 passphrase/PSK -based VLAN assignment * OpenSSL: allow systemwide policies to be overridden * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * fixed FT and SA Query Action frame with AP-MLME-in-driver cases * OWE: allow Diffie-Hellman Parameter element to be included with DPP in preparation for DPP protocol extension * RADIUS server: started to accept ERP keyName-NAI as user identity automatically without matching EAP database entry * fixed PTK rekeying with FILS and FT wpa_supplicant: * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9499) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT - Enabled CLI editing and history support. Update to version 2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [http://w1.fi/security/2017-1/] (CVE-2017-13082) (boo#1056061) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * FT: - added local generation of PMK-R0/PMK-R1 for FT-PSK (ft_psk_generate_local=1) - replaced inter-AP protocol with a cleaner design that is more easily extensible; this breaks backward compatibility and requires all APs in the ESS to be updated at the same time to maintain FT functionality - added support for wildcard R0KH/R1KH - replaced r0_key_lifetime (minutes) parameter with ft_r0_key_lifetime (seconds) - fixed wpa_psk_file use for FT-PSK - fixed FT-SAE PMKID matching - added expiration to PMK-R0 and PMK-R1 cache - added IEEE VLAN support (including tagged VLANs) - added support for SHA384 based AKM * SAE - fixed some PMKSA caching cases with SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - added option to require MFP for SAE associations (sae_require_pmf=1) - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier * hostapd_cli: added support for command history and completion * added support for requesting beacon report * large number of other fixes, cleanup, and extensions * added option to configure EAPOL-Key retry limits (wpa_group_update_count and wpa_pairwise_update_count) * removed all PeerKey functionality * fixed nl80211 AP mode configuration regression with Linux 4.15 and newer * added support for using wolfSSL cryptographic library * fixed some 20/40 MHz coexistence cases where the BSS could drop to 20 MHz even when 40 MHz would be allowed * Hotspot 2.0 - added support for setting Venue URL ANQP-element (venue_url) - added support for advertising Hotspot 2.0 operator icons - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS * added support for using OpenSSL 1.1.1 * added EAP-pwd server support for salted passwords Moderate SUSE bug 1056061 CVE-2017-13082 CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nsd fixes the following issues: nsd was updated to the new upstream release 4.3.4 FEATURES: - Merge PR #141: ZONEMD RR type. BUG FIXES: - Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) - Fix #128: Fix that the invalid port number is logged for sendmmsg failed: Invalid argument. - Fix #133: fix 0-init of local ( stack ) buffer. - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN. - Fix to add missing closest encloser NSEC3 for wildcard nodata type DS answer. - Fix #138: NSD returns non-EDNS answer when QUESTION is empty. - Fix #142: NODATA answers missin SOA in authority section after CNAME chain. New upstream release 4.3.3: FEATURES: - Follow DNS flag day 2020 advice and set default EDNS message size to 1232. - Merged PR #113 with fixes. Instead of listing an IP-address to listen on, an interface name can be specified in nsd.conf, with ip-address: eth0. The IP-addresses for that interface are then used. - New upstream release 4.3.2 FEATURES: - Fix #96: log-only-syslog: yes sets to only use syslog, fixes that the default configuration and systemd results in duplicate log messages. - Fix #107: nsd -v shows configure line, openssl version and libevent version. - Fix #103 with #110: min-expire-time option. To provide a lower bound for expire period. Expressed in number of seconds or refresh+retry+1. BUG FIXES: - Fix to omit the listen-on lines from log at startup, unless verbose. - Fix #97: EDNS unknown version: query not in response. - Fix #99: Fix copying of socket properties with reuseport enabled. - Document default value for tcp-timeout. - Merge PR#102 from and0x000: add missing default in documentation for drop-updates. - Fix unlink of pidfile warning if not possible due to permissions, nsd can display the message at high verbosity levels. - Removed contrib/nsd.service, example is too complicated and not useful. - Merge #108 from Nomis: Make the max-retry-time description clearer. - Retry when udp send buffer is full to wait until buffer space is available. - Remove errno reset behaviour from sendmmsg and recvmmsg replacement functions. - Fix unit test for different nsd-control-setup -h exit code. - Merge #112 from jaredmauch: log old and new serials when NSD rejects an IXFR due to an old serial number. - Fix #106: Adhere better to xfrd bounds. Refresh and retry times. - Fix #105: Clearing hash_tree means just emptying the tree. New upstream release 4.3.1 BUG FIXES: - Merge PR #91 by gearnode: nsd-control-setup recreate certificates. The '-r' option recreates certificates. Without it it creates them if they do not exist, and does not modify them otherwise. New upstream release 4.3.0 FEATURES: - Fix to use getrandom() for randomness, if available. - Fix #56: Drop sparse TSIG signing support in NSD. Sign every axfr packet with TSIG, according to the latest draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1. - Merge pull request #59 from buddyns: add FreeBSD support for conf key ip-transparent. - Add feature to pin server processes to specific cpus. - Add feature to pin IP addresses to selected server processes. - Set process title to identify individual processes. - Merge PR#22: minimise-any: prefer polular and not large RRset, from Daisuke Higashi. - Add support for SO_BINDTODEVICE on Linux. - Add feature to drop queries with opcode UPDATE. BUG FIXES: - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters. - use-systemd is ignored in nsd.conf, when NSD is compiled with libsystemd it always signals readiness, if possible. - Note that use-systemd is not necessary and ignored in man page. - Fix responses for IXFR so that the authority section is not echoed in the response. - Fix that the retry wait does not exceed one day for zone transfers. - Update keyring as per https://nlnetlabs.nl/people/ New upstream release 4.2.3: * confine-to-zone configures NSD to not return out-of-zone additional information. * pidfile '' allows to run NSD without a pidfile * adds support for readiness notification with READY_FD * fix excessive logging of ixfr failures, it stops the log when fallback to axfr is possible. log is enabled at high verbosity. * The nsd.conf includes are sorted ascending, for include statements with a '*' from glob. * Fix log address and failure reason with tls handshake errors, squelches (the same as unbound) some unless high verbosity is used. * Number of different UDP handlers has been reduced to one. recvmmsg and sendmmsg implementations are now used on all platforms. * Socket options are now set in designated functions for easy reuse. * Socket setup has been simplified for easy reuse. * Configuration parser is now aware of the context in which an option was specified. * document that remote-control is a top-level nsd.conf attribute. - Remove legacy upgrade of nsd users in %post (boo#1157331) New upstream release 4.2.2: * Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the dname_concatenate() function. Reported by Frederic Cambus. It causes the zone parser to crash on a malformed zone file, with assertions enabled, an assertion catches it. * Fix #19: Out-of-bounds read caused by improper validation of array index. Reported by Frederic Cambus. The zone parser fails on type SIG because of mismatched definition with RRSIG. * PR #23: Fix typo in nsd.conf man-page. * Fix that NSD warns for wrong length of the hash in SSHFP records. * Fix #25: NSD doesn't refresh zones after extended downtime, it refreshes the old zones. * Set no renegotiation on the SSL context to stop client session renegotiation. * Fix #29: SSHFP check NULL pointer dereference. * Fix #30: SSHFP check failure due to missing domain name. * Fix to timeval_add in minievent for remaining second in microseconds. * PR #31: nsd-control: Add missing stdio header. * PR #32: tsig: Fix compilation without HAVE_SSL. * Cleanup tls context on xfrd exit. * Fix #33: Fix segfault in service of remaining streams on exit. * Fix error message for out of zone data to have more information. New upstream release 4.2.1: * FEATURES: - Added num.tls and num.tls6 stat counters. - PR #12: send-buffer-size, receive-buffer-size, tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek. - Fix #14, tcp connections have 1/10 to be active and have to work every second, and then they get time to complete during a reload, this is a process that lingers with the old version during a version update. * BUG FIXES: - Fix #13: Stray dot at the end of some log entries, removes dot after updated serial number in log entry. - Fix TLS cipher selection, the previous was redundant, prefers CHACHA20-POLY1305 over AESGCM and was not as readable as it could be. - Fix #15: crash in SSL library, initialize variables for TCP access when TLS is configured. - Fix tls handshake event callback function mistake, reported by Mykhailo Danylenko. - Fix output of nsd-checkconf -h. New upstream release 4.2.0: * Implement TCP fast open * Added DNS over TLS * TLS OCSP stapling support with the tls-service-ocsp option * New option hide-identity can be used in nsd.conf to stop NSD from responding with the hostname for probe queries that elicit the chaos class response, this is conform RFC4892 * Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE Update to upstream release 4.1.27: * FEATURES: - Deny ANY with only one RR in response, by default. Patch from Daisuke Higashi. The deny-any statement in nsd.conf sets ANY queries over UDP to be further moved to TCP as well. Also no additional section processig for type ANY, reducing the response size. - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig and del_tsig. These changes are gone after reload, edit the config file (or a file included from it) to make changes that last after restart. * BUG FIXES: Update to upstream release 4.1.26: * FEATURES: - DNSTAP support for NSD, --enable-dnstap and then config in nsd.conf. - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes option in nsd.conf. - Added nsd-control changezone. nsd-control changezone name pattern allows the change of a zone pattern option without downtime for the zone, in one operation. * BUG FIXES: - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of DNSSEC RRs. - Fix #4202: nsd-control delzone incorrect exit code on error. - Fix to not set GLOB_NOSORT so the nsd.conf include: files are sorted and in a predictable order. - Fix #3433: document that reconfig does not change per-zone stats. Update to upstream release 4.1.25: * FEATURES: - nsd-control prints neater errors for file failures. * BUG FIXES: - Fix that nsec3 precompile deletion happens before the RRs of the zone are deleted. - Fix printout of accepted remote control connection for unix sockets. - Fix use_systemd typo/leftover in remote.c. - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu. - append_trailing_slash has one implementation and is not repeated differently. - Fix coding style in nsd.c - Fix to combine the same error function into one, from Xiaobo Liu. - Fix initialisation in remote.c. - please clang analyzer and fix parse of IPSECKEY with bad gateway. - Fix nsd-checkconf fail on bad zone name. - Annotate exit functions with noreturn. - Remove unused if clause during server service startup. - Fix #4156: Fix systemd service manager state change notification When it is compiled, systemd readiness signalling is enabled. The option in nsd.conf is not used, it is ignored when read. Update to upstream release 4.1.24: - Features * #4102: control interface via local socket * configure --enable-systemd (needs pkg-config and libsystemd) can be used to then use-systemd: yes in nsd.conf and have readiness signalling with systemd. * RFC8162 support, for record type SMIMEA. - Bug Fixes * Patch to fix openwrt for mac os build darwin detection in configure. * Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. * #4106: Fix that stats printed from nsd-control are recast from unsigned long to unsigned (remote.c). * Fix that type CAA (and URI) in the zone file can contain dots when not in quotes. * #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM chain, NSD leniently attempts to find a working NSEC3PARAM. Update to upstream release 4.1.23: - Fix NSD time sensitive TSIG compare vulnerability. Update to upstream release 4.1.22: - Features: * refuse-any sends truncation (+TC) in reply to ANY queries over UDP, and allows TCP queries like normal. * Use accept4 to speed up answer of TCP queries - Bug fixes: * Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones. * Fix to use same condition for nsec3 hash allocation and free. - Changes in version 4.1.21: - Features: * --enable-memclean cleans up memory for use with memory checkers, eg. valgrind. * refuse-any nsd.conf option that refuses queries of type ANY. * lower memory usage for tcp connections, so tcp-count can be higher. - Bug fixes: * Fix spelling error in xfr-inspect. * Fix buffer size warnings from compiler on filename lengths. Moderate SUSE bug 1157331 SUSE bug 1179191 CVE-2019-13207 CVE-2020-28935 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179398 SUSE bug 1179399 SUSE bug 1179593 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for audacity fixes the following issues: - CVE-2020-11867: Avoid saving temporary files to /var/tmp/audacity-$USER by default, which permissions are set to 755. (bsc#1179449) Moderate SUSE bug 1179449 CVE-2020-11867 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. (jsc#ECO-3010,bsc#1118459) Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) Update to 0.102.4 * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. Update to 0.102.3 * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. * Fix 'Attempt to allocate 0 bytes' error when parsing some PDF documents. * Fix a couple of minor memory leaks. * Updated libclamunrar to UnRAR 5.9.2. Update to 0.102.2: * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) Update to 0.102.1: * CVE-2019-15961, bsc#1157763: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. * Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support. * Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. * Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. * Null-dereference fix in email parser when using the --gen-json metadata option. * Fixes for Authenticode parsing and certificate signature (.crb database) bugs. Update to 0.102.0: * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: - On-Access scanning for created and moved files (Extra-Scanning) is fixed. - VirusEvent for On-Access scans is fixed. - With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. * The freshclam database update utility has undergone a significant update. This includes: - Added support for HTTPS. - Support for database mirrors hosted on ports other than 80. - Removal of the mirror management feature (mirrors.dat). - An all new libfreshclam library API. - created new subpackage libfreshclam2 Update to 0.101.4: * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * bsc#1144504: ZIP bomb causes extreme CPU spikes Update to version 0.101.2 (bsc#1130721) * CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. * CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. * CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1104457 SUSE bug 1118459 SUSE bug 1130721 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 CVE-2019-12625 CVE-2019-12900 CVE-2019-15961 CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). - Initialized dh->nid to NID_undef in DH_new_method() (bsc#1177673). - Fixed a test failure in apache_ssl in fips mode (bsc#1177793). - Renamed BN_get_rfc3526_prime_* functions back to get_rfc3526_prime_* (bsc#1177575). - Restored private key check in EC_KEY_check_key (bsc#1177479). - Added shared secret KAT to FIPS DH selftest (bsc#1176029). - Included ECDH/DH Requirements from SP800-56Arev3 (bsc#1176029). - Used SHA-2 in the RSA pairwise consistency check (bsc#1155346) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155346 SUSE bug 1176029 SUSE bug 1177479 SUSE bug 1177575 SUSE bug 1177673 SUSE bug 1177793 SUSE bug 1179491 CVE-2020-1971 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm_18_08 fixes the following issues: Security issues fixed: - CVE-2020-27745: Fixed a potential buffer overflow from use of unpackmem (bsc#1178890). - CVE-2020-27746: Fixed a potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1178890 SUSE bug 1178891 CVE-2020-27745 CVE-2020-27746 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for PackageKit fixes the following issue: - CVE-2020-16121: Fixed an Information disclosure in InstallFiles, GetFilesLocal and GetDetailsLocal (bsc#1176930). - Notify service manager when it shutdown and cleanup temporary files when PackageKit quits. (bsc#1169739) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1169739 SUSE bug 1176930 CVE-2020-16121 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). - Supplement libgtk-3-0 instead of libX11-6 to avoid installation on a textmode install (bsc#1142000) - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). - Fixed sshd termination of multichannel sessions with non-root users (bsc#1115550,bsc#1174162). - Added speculative hardening for key storage (bsc#1139398). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1115550 SUSE bug 1139398 SUSE bug 1142000 SUSE bug 1148566 SUSE bug 1173513 SUSE bug 1174162 CVE-2020-14145 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * Fixed: Various stability and security fixes - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1163368 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1150164 SUSE bug 1161913 SUSE bug 1167939 SUSE bug 1172798 SUSE bug 1178577 SUSE bug 1178614 SUSE bug 1178624 SUSE bug 1178675 CVE-2020-13844 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451): - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution. - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531). - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171531 SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 CVE-2020-13543 CVE-2020-13584 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 68.5 (bsc#1162777) MFSA 2020-07 (bsc#1163368) * CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain email messages * CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords * CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with multiple signatures * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6792 (bmo#1609607) Message ID calculcation was based on uninitialized data * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Thunderbird 68.5 * new: Support for Client Identity IMAP/SMTP Service Extension (bmo#1532388) * new: Support for OAuth 2.0 authentication for POP3 accounts (bmo#1538409) * fixed: Status area goes blank during account setup (bmo#1593122) * fixed: Calendar: Could not remove color for default categories (bmo#1584853) * fixed: Calendar: Prevent calendar component loading multiple times (bmo#1606375) * fixed: Calendar: Today pane did not retain width between sessions (bmo#1610207) * unresolved: When upgrading from Thunderbird version 60 to version 68, add-ons are not automatically updated during the upgrade process. They will however be updated during the add- on update check. It is of course possible to reinstall compatible add-ons via the Add-ons Manager or via addons.thunderbird.net. (bmo#1574183) * changed: Calendar: Task and Event tree colours adjusted for the dark theme (bmo#1608344) * fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773) * fixed: Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set (bmo#1609690) * fixed: Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout (bmo#1222046) * fixed: Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened (bmo#1608407) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1162777 SUSE bug 1163368 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6 * new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708) * changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748) * changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832) * changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940) * changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032) * fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248) * fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054) * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041) * fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053) * fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169) * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757) * fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756) * fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201) * fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555) * fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984) * fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782) * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543) * fixed: Dark theme did not apply to new mail notification popups (bmo#1681083) * fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436) * fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774) * fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932) * fixed: Various security fixes MFSA 2020-56 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6 This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155094 SUSE bug 1174091 SUSE bug 1174571 SUSE bug 1174701 SUSE bug 1177211 SUSE bug 1178009 SUSE bug 1179193 SUSE bug 1179630 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116 CVE-2020-27619 CVE-2020-8492 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for kdeconnect-kde fixes the following issues: - Add fingerprinting for device verification (boo#1177672). Important SUSE bug 1177672 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ovmf fixes the following issues: - CVE-2019-14584: Fixed a null dereference in AuthenticodeVerify() (bsc#1177789). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1177789 CVE-2019-14584 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for blosc fixes the following issues: Update to version 1.20.1 boo#1179914 CVE-2020-29367: * More saftey checks have been implemented so that potential flaws discovered by new fuzzers in OSS-Fuzzer are fixed now * BloscLZ updated to 2.3.0. Expect better compression ratios for faster codecs. For details, see our new blog post: https://blosc.org/posts/beast-release/ * Fixed the _xgetbv() collision. Thanks to Michał G?rny (@mgorny). Update to version 1.19.0: * The length of automatic blocksizes for fast codecs (lz4, blosclz) has been incremented quite a bit (up to 256 KB) for better compression ratios. * The performance in modern CPUs (with at least 256 KB in L2 cache) should be better too (for older CPUs the performance should stay roughly the same). * For small buffers that cannot be compressed (typically < 128 bytes), blosc_compress() returns now a 0 (cannot compress) instead of a negative number (internal error). See #294. * blosclz codec updated to 2.1.0. Expect better compression ratios and performance in a wider variety of scenarios. * blosc_decompress_unsafe(), blosc_decompress_ctx_unsafe() and blosc_getitem_unsafe() have been removed because they are dangerous and after latest improvements, they should not be used in production. Update to version 1.18.1: * Fixed the copy of the leftovers of a chunk when its size is not a multiple of the typesize. Update to version 1.17.1: * BloscLZ codec updated to 2.0.0. Update to version 1.16.3: * Fix for building for clang with -march=haswell. See PR #262. * Fix all the known warnings for GCC/Clang. Still some work to do for MSVC in this front. * Due to some problems with several CI systems, the check for library symbols are deactivated now by default. If you want to enforce this check, use: cmake .. -DDEACTIVATE_SYMBOLS_CHECK=ON to re-activate it. * Correct the check for the compressed size when the buffer is memcpyed. This was a regression introduced in 1.16.0. Fixes #261. * Fixed a regression in 1.16.0 that prevented to compress empty buffers (see #260). * Now the functions that execute Blosc decompressions are safe by default for untrusted/possibly corrupted inputs. * The previous functions (with less safety) checks are still available with a '_unsafe' suffix. The complete list is: * Also, a new API function named blosc_cbuffer_validate(), for validating Blosc compressed data, has been added. * For details, see PR #258. Thanks to Jeremy Maitin-Shepard. * Fixed a bug in blosc_compress() that could lead to thread deadlock under some situations. See #251. Thanks to @wenjuno for the report and the fix. * Fix data race in shuffle.c host_implementation initialization. Fixes #253. Thanks to Jeremy Maitin-Shepard. * Add workaround for Visual Studio 2008's lack of a stdint.h file to blosclz.c. * Replaced //-comments with /**/-comments and other improvements for compatibility with quite old gcc compilers. See PR #243. Thanks to Andreas Martin. * Empty buffers can be compressed again (this was unadvertedly prevented while fixing #234). See #247. Thanks to Valentin Haenel. Update to version 1.14.4: * Added a new DEACTIVATE_SSE2 option for cmake that is useful for disabling SSE2 when doing cross-compilation (see #236). * New check for detecting output buffers smaller than BLOSC_MAX_OVERHEAD. * The complib and version parameters for blosc_get_complib_info() can be safely set to NULL now. This allows to call this function even if the user is not interested in these parameters (so no need to reserve memory for them). * In some situations that a supposedly blosc chunk is passed to blosc_decompress(), one might end with an Arithmetic exception. This is probably due to the chunk not being an actual blosc chunk, and divisions by zero might occur. A protection has been added for this. Update to version 1.14.3: * Fixed a bug that caused C-Blosc to crash on platforms requiring strict alignment. * Fixed a piece of code that was not C89 compliant. Moderate SUSE bug 1174075 SUSE bug 1179914 CVE-2020-29367 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for inn fixes the following issues: - CVE-2019-3692: Fixed a local privilage escalation from user to 'news' (bsc#1154302). Moderate SUSE bug 1154302 CVE-2019-3692 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for flac fixes the following issues: - CVE-2020-0487: Fixed a memory leak (bsc#1180112). - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1180099 SUSE bug 1180112 CVE-2020-0487 CVE-2020-0499 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openexr fixes the following issues: Security issues fixed: - CVE-2020-16587: Fixed a heap-based buffer overflow in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp (bsc#1179879). - CVE-2020-16588: Fixed a null pointer deference in generatePreview (bsc#1179879). - CVE-2020-16589: Fixed a heap-based buffer overflow in writeTileData in ImfTiledOutputFile.cpp (bsc#1179879). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179879 CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rmt-server to version 2.5.2 fixes the following issues: Security issue fixed: - CVE-2019-18904: Fixed a denial of service in the offline migration (bsc#1160922). Non-security issue fixed: - Relaxed systemd units dependencies (bsc#1160673) - Added more verbose error reporting for SCC API errors (bsc#1157119) - Fixed system listing when architecture is not well referenced (bsc#1141122) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1141122 SUSE bug 1157119 SUSE bug 1160673 SUSE bug 1160922 CVE-2019-18904 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gimp fixes the following issues: Security issue fixed: - CVE-2017-17787: Fixed an out-of-bounds read in the PSP importer (bsc#1073628). Non-security issue fixed: - Fixed a software crash while importing a _PostScript_ file (bsc#1178726). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1073628 SUSE bug 1178726 CVE-2017-17787 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: - Update to version 73.0.3856.284 - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88 - DNA-88454 Background of snap area above visible scrolled viewport is not captured - DNA-89749 Implement client_capabilities support for Flow / Sync - DNA-89810 Opera no longer autoselects full url/address bar when clicked - DNA-89923 [Snap] Emojis look grayed out - DNA-90060 Make gesture events work with search-in-tabs feature - DNA-90168 Display SD suggestions titles - DNA-90176 Player doesn’t show music service to choose on Welcome page - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042 - Update to version 73.0.3856.257 - DNA-89918 #enable-force-dark flag doesn’t work anymore - DNA-90061 Clicking on video’s progress bar breaks autopausing - DNA-90079 [BigSur] Blank pages - DNA-90154 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - Complete Opera 73.0 changelog at: https://blogs.opera.com/desktop/changelog-for-73/ Important CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ffmpeg-4 fixes the following issues: ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified. (bsc#1133153) - For other changes see /usr/share/doc/packages/libavcodec58/Changelog Update to version 4.2.1: * Stable bug fix release, mainly codecs and format fixes. - CVE-2019-15942: Conditional jump or move depends on uninitialised value' issue in h2645_parse (boo#1149839) Update to FFmpeg 4.2 'Ada' * tpad filter * AV1 decoding support through libdav1d * dedot filter * chromashift and rgbashift filters * freezedetect filter * truehd_core bitstream filter * dhav demuxer * PCM-DVD encoder * GIF parser * vividas demuxer * hymt decoder * anlmdn filter * maskfun filter * hcom demuxer and decoder * ARBC decoder * libaribb24 based ARIB STD-B24 caption support (profiles A and C) * Support decoding of HEVC 4:4:4 content in nvdec and cuviddec * removed libndi-newtek * agm decoder * KUX demuxer * AV1 frame split bitstream filter * lscr decoder * lagfun filter * asoftclip filter * Support decoding of HEVC 4:4:4 content in vdpau * colorhold filter * xmedian filter * asr filter * showspatial multimedia filter * VP4 video decoder * IFV demuxer * derain filter * deesser filter * mov muxer writes tracks with unspecified language instead of English by default * added support for using clang to compile CUDA kernels - See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog. Update to version 4.1.4 * See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog. - Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen Update to version 4.1.3: * Updates and bug fixes for codecs, filters and formats. [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339] Update to version 4.1.2: * Updates and bug fixes for codecs, filters and formats. Update to version 4.1.1: * Various filter and codec fixes and enhancements. * configure: Add missing xlib dependency for VAAPI X11 code. * For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog * enable AV1 support on x86_64 Update ffmpeg to 4.1: * Lots of filter updates as usual: deblock, tmix, aplify, fftdnoiz, aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue, transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter, acrossover filter, audio denoiser as afftdn filter, sinc audio filter source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter yadif_cuda filter. * AV1 parser * Support for AV1 in MP4 * PCM VIDC decoder and encoder * libtensorflow backend for DNN based filters like srcnn * -- The following only enabled in third-party builds: * ATRAC9 decoder * AVS2 video decoder via libdavs2 * IMM4 video decoder * Brooktree ProSumer video decoder * MatchWare Screen Capture Codec decoder * WinCam Motion Video decoder * RemotelyAnywhere Screen Capture decoder * AVS2 video encoder via libxavs2 * ILBC decoder * SER demuxer * Decoding S12M timecode in H264 * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 Update ffmpeg to 4.0.3: * For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3 - CVE-2018-13305: Added a missing check for negative values of mqaunt variable (boo#1100345). Moderate SUSE bug 1100345 SUSE bug 1133123 SUSE bug 1133153 SUSE bug 1133155 SUSE bug 1149839 CVE-2017-17555 CVE-2018-13305 CVE-2019-11338 CVE-2019-11339 CVE-2019-15942 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1162202 SUSE bug 1162675 CVE-2019-18634 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ipmitool fixes the following security issue: - CVE-2020-5208: Fixed several buffer overflows (bsc#1163026). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1163026 CVE-2020-5208 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for weechat fixes the following security issue: - CVE-2020-8955: Fixed a buffer overflow in plugins/irc/irc-mode.c that allowed attackers to cause a denial of service (bsc#1163889). Important SUSE bug 1163889 CVE-2020-8955 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for enigmail fixes the following issues: enigmail was updated to 2.1.5: * Security issue: unsigned MIME parts displayed as signed (bsc#1159973) * Ensure that upgrading GnuPG 2.0.x to 2.2.x upgrade converts keyring format * Make Enigmail Compatible with Protected-Headers spec, draft 2 enigmail 2.1.4: * Fixes for UI glitches * Option to 'Attach public key to messages' was not restored properly enigmail 2.1.3: * fix a bug in the setup wizard that could lead the wizard to never complete scanning the inbox This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159973 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for yast2-rmt fixes the following issues: yast2-rmt was updated to release version 1.2.2: - CVE-2018-20105: Pass SSL password to Cheetah CLI interface securely (boo#1119835) Moderate SUSE bug 1119835 CVE-2018-20105 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1135114 SUSE bug 1154804 SUSE bug 1154805 SUSE bug 1155198 SUSE bug 1155205 SUSE bug 1155298 SUSE bug 1155678 SUSE bug 1155819 SUSE bug 1156158 SUSE bug 1157377 SUSE bug 1158763 CVE-2019-18900 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to version 80.0.3987.122 (bsc#1164828). Security issues fixed: - CVE-2020-6418: Fixed a type confusion in V8 (bsc#1164828). - CVE-2020-6407: Fixed an OOB memory access in streams (bsc#1164828). - Fixed an integer overflow in ICU (bsc#1164828). Non-security issues fixed: - Dropped the sandbox binary as it should not be needed anymore (bsc#1163588). Important SUSE bug 1163484 SUSE bug 1163588 SUSE bug 1164828 CVE-2020-6407 CVE-2020-6418 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-azure-agent fixes the following issues: python-azure-agent was updated to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields From 2.2.44 update: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements From 2.2.42 update: + Poll for artifact blob, addresses goal state procesing issue From 2.2.41 update: + Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data From 2.2.40 update: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions >= 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt From 2.2.38 update: Security issue fixed: + CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838) + Add fixes for handling swap file and other nit fixes From 2.2.37 update: + Improves re-try logic to handle errors while downloading extensions This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1127838 CVE-2019-0804 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to version 1.2.9. Security issues fixed: - CVE-2009-4112: Fixed a privilege escalation (bsc#1122535). - CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245). - CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244). - CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535). - CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242). - CVE-2019-16723: Fixed an authentication bypass vulnerability. - CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990). - CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992). - CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749). - CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297). Non-security issues fixed: - Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024). - Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139). Important SUSE bug 1082318 SUSE bug 1101024 SUSE bug 1101139 SUSE bug 1122242 SUSE bug 1122243 SUSE bug 1122244 SUSE bug 1122245 SUSE bug 1122535 SUSE bug 1158990 SUSE bug 1158992 SUSE bug 1161297 SUSE bug 1163749 CVE-2009-4112 CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 CVE-2018-20726 CVE-2019-16723 CVE-2019-17357 CVE-2019-17358 CVE-2020-7106 CVE-2020-7237 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for proftpd fixes the following issues: proftpd was updated to version 1.3.6c. Security issues fixed: - CVE-2020-9272: Fixed an out-of-bounds read in mod_cap (bsc#1164572). - CVE-2020-9273: Fixed a potential memory corruption caused by an interruption of the data transfer channel (bsc#1164574). Moderate SUSE bug 1164572 SUSE bug 1164574 CVE-2020-9272 CVE-2020-9273 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162423 SUSE bug 1162825 CVE-2019-9674 CVE-2020-8492 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). Non-security issues fixed: - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160878 SUSE bug 1160883 SUSE bug 1160895 SUSE bug 1160912 SUSE bug 1162388 CVE-2019-18901 CVE-2020-2574 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1163102 SUSE bug 1163103 SUSE bug 1163104 CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Other issues addressed: - New: Message display toolbar action WebExtension API (bmo#1531597) - New: Navigation buttons are now available in content tabs (bmo#787683) - Fixed an issue where write window was not always correct (bmo#1593280) - Fixed toolbar issues (bmo#1584160) - Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364) - Fixed an issue with scam link confirmation panel (bmo#1596413) - Fixed an issue with the write window where the Link Properties dialog was not showing named anchors in context menu (bmo#1593629) - Fixed issues with calendar (bmo#1588516) - Fixed issues with chat where reordering via drag-and-drop was not working on Instant messaging status dialog (bmo#1591505) This update was imported from the SUSE:SLE-15:Update update project. Important CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openfortivpn to version 1.12.0 fixes the following issues: - CVE-2020-7043: Fixed a TLS Certificate CommonName NULL Byte Vulnerability (boo#1165301). - CVE-2020-7042: Fixed use of uninitialized memory in X509_check_host (boo#1165300). - CVE-2020-7041: Fixed incorrect use of X509_check_host (boo#1165299). Important SUSE bug 1165299 SUSE bug 1165300 SUSE bug 1165301 CVE-2020-7041 CVE-2020-7042 CVE-2020-7043 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788) - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1148788 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1161779 SUSE bug 1163922 CVE-2019-3687 CVE-2020-8013 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-bleach to version 3.1.1 fixes the following issue: - Python-bleach was updated to 3.1.1 - CVE-2020-6802: Fixed mutation XSS vulnerabilities (boo#1165303). Important SUSE bug 1165303 CVE-2020-6802 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for proftpd fixes the following issues: * GeoIP has been discontinued by Maxmind (boo#1156210) This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating the certificate of a client connecting to the server (boo#1157803) - CVE-2019-19270: Fixed a Failure to check for the appropriate field of a CRL entry prevents some valid CRLs from being taken into account (boo#1157798) - CVE-2019-18217: Fixed remote unauthenticated denial-of-service due to incorrect handling of overly long commands (boo#1154600 gh#846) Update to 1.3.6b * Fixed pre-authentication remote denial-of-service issue (Issue #846). * Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824). Update to 1.3.6a: * Fixed symlink navigation (Bug#4332). * Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674). * Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372). * Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656). * Fixed restarts when using mod_facl as a static module * Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed (boo#1155834) * Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed (boo#1155834) * Use pam_keyinit.so (boo#1144056) - Reduce hard dependency on systemd to only that which is necessary for building and installation. update to 1.3.6: * Support for using Redis for caching, logging; see the doc/howto/Redis.html documentation. * Fixed mod_sql_postgres SSL support (Issue #415). * Support building against LibreSSL instead of OpenSSL (Issue #361). * Better support on AIX for login restraictions (Bug #4285). * TimeoutLogin (and other timeouts) were not working properly for SFTP connections (Bug#4299). * Handling of the SIGILL and SIGINT signals, by the daemon process, now causes the child processes to be terminated as well (Issue #461). * RPM .spec file naming changed to conform to Fedora guidelines. * Fix for 'AllowChrootSymlinks off' checking each component for symlinks (CVE-2017-7418). New Modules: * mod_redis, mod_tls_redis, mod_wrap2_redis With Redis now supported as a caching mechanism, similar to Memcache, there are now Redis-using modules: mod_redis (for configuring the Redis connection information), mod_tls_redis (for caching SSL sessions and OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored in Redis). Changed Modules: * mod_ban: The mod_ban module's BanCache directive can now use Redis-based caching; see doc/contrib/mod_ban.html#BanCache. -New Configuration Directives * SQLPasswordArgon2, SQLPasswordScrypt The key lengths for Argon2 and Scrypt-based passwords are now configurable via these new directives; previously, the key length had been hardcoded to be 32 bytes, which is not interoperable with all other implementations (Issue #454). Changed Configuration Directives * AllowChrootSymlinks When 'AllowChrootSymlinks off' was used, only the last portion of the DefaultRoot path would be checked to see if it was a symlink. Now, each component of the DefaultRoot path will be checked to see if it is a symlink when 'AllowChrootSymlinks off' is used. * Include The Include directive can now be used within a <Limit> section, e.g.: <Limit LOGIN> Include /path/to/allowed.txt DenyAll </Limit> API Changes * A new JSON API has been added, for use by third-party modules. Moderate SUSE bug 1113041 SUSE bug 1144056 SUSE bug 1154600 SUSE bug 1155834 SUSE bug 1156210 SUSE bug 1157798 SUSE bug 1157803 CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences (bsc#1153072). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). - Enabled HTTPS-over-IPv6 (bsc#1153072). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1153072 SUSE bug 1163927 SUSE bug 1163959 SUSE bug 1163969 CVE-2019-14553 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for yast2-rmt to version 1.3.0 fixes the following issues: Security issue fixed: - CVE-2018-20105: Fixed an exposure of the CA private key passphrase in the log file (bsc#1119835). Non-security issue fixed: - Add support for forwarding registration data from RMT to SCC This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1119835 SUSE bug 1146403 CVE-2018-20105 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium tio version 80.0.3987.132 fixes the following issues: Chromium was updated to 80.0.3987.132 boo#1165826 - CVE-2020-6420: Fixed improper policy enforcement in media. - Fixed other fixes from internal audits, fuzzing and other initiatives. Important SUSE bug 1165826 CVE-2020-6420 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gd fixes the following issues: Security issue fixed: - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1140120 SUSE bug 1165471 CVE-2018-14553 CVE-2019-11038 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195 bnc#1165881). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. It did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2019-16994: In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem (bnc#1158026). - CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service (bnc#1158827). - CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bnc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bnc#1158900). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c (bnc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bnc#1158834). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bnc#1158903). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c (bnc#1158904). - CVE-2019-19767: The Linux kernel mishandled ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19927: Mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module (bnc#1160147). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c (bnc#1160966). - CVE-2020-8428: fs/namei.c has a may_create_in_sticky use-after-free, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158823). The following non-security bugs were fixed: - smb3: print warning once if posix context returned on open (bsc#1144333). - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Apply sync-write workaround to old Intel platforms, too (bsc#1111666). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda - constify and cleanup static NodeID tables (bsc#1111666). - ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - Clean up Intel platform-specific fixup checks (bsc#1111666). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker (bsc#1111666). - ALSA: hda/realtek - Add Headset Mic supported for HP cPC (bsc#1111666). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALCS1200A (bsc#1111666). - ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen (bsc#1111666). - ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too (bsc#1111666). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC (bsc#1111666). - ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda/realtek - More constifications (bsc#1111666). - ALSA: hda/realtek - Set EAPD control to default for ALC222 (bsc#1111666). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Add JasperLake PCI ID and codec vid (bsc#1111666). - ALSA: hda: Clear RIRB status before reading WP (bsc#1111666). - ALSA: hda: Constify snd_kcontrol_new items (bsc#1111666). - ALSA: hda: Constify snd_pci_quirk tables (bsc#1111666). - ALSA: hda: More constifications (bsc#1111666). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: hda: constify copied structure (bsc#1111666). - ALSA: hda: correct kernel-doc parameter descriptions (bsc#1111666). - ALSA: hda: hdmi - add Tigerlake support (bsc#1111666). - ALSA: hda: hdmi - fix pin setup on Tigerlake (bsc#1111666). - ALSA: hda: patch_hdmi: remove warnings with empty body (bsc#1111666). - ALSA: hda: patch_realtek: fix empty macro usage in if block (bsc#1111666). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: sh: Fix unused variable warnings (bsc#1111666). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 (bsc#1111666). - ALSA: usb-audio: Fix endianess in descriptor validation (bsc#1111666). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI (bsc#1111666). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - CIFS: Close cached root handle only if it had a lease (bsc#1144333). - CIFS: Close open handle after interrupted close (bsc#1144333). - CIFS: Do not miss cancelled OPEN responses (bsc#1144333). - CIFS: Fix NULL pointer dereference in mid callback (bsc#1144333). - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - CIFS: Fix task struct use-after-free on reconnect (bsc#1144333). - CIFS: Properly process SMB3 lease breaks (bsc#1144333). - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - CIFS: refactor cifs_get_inode_info() (bsc#1144333). - CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - Cover up kABI breakage due to DH key verification (bsc#1155331). - Delete patches which cause regression (bsc#1165527 ltc#184149). - Documentation: Document arm64 kpti control (bsc#1162623). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - Fix the locking in dcache_readdir() and friends (bsc#1123328). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: Do not cancel unused work item (bsc#1114685 ). - IB/mlx5: Fix steering rule of drop and count (bsc#1103991 ). - IB/mlx5: Remove dead code (bsc#1103991). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: pciehp: Avoid returning prematurely from sysfs requests (git-fixes). - PCI: rpaphp: Add drc-info support for hotplug slot registration (bsc#1157480 ltc#181028). - PCI: rpaphp: Annotate and correctly byte swap DRC properties (bsc#1157480 ltc#181028). - PCI: rpaphp: Avoid a sometimes-uninitialized warning (bsc#1157480 ltc#181028). - PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info (bsc#1157480 ltc#181028). - PCI: rpaphp: Do not rely on firmware feature to imply drc-info support (bsc#1157480 ltc#181028). - PCI: rpaphp: Fix up pointer to first drc-info entry (bsc#1157480 ltc#181028). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series (bsc#1154916). - RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (bsc#1157895). - RDMA/bnxt_re: Fix missing le16_to_cpu (bsc#1157895). - RDMA/cma: Fix unbalanced cm_id reference count during address resolve (bsc#1103992). - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create (bsc#1114685). - RDMA/hns: Bugfix for qpc/cqc timer configuration (bsc#1104427 bsc#1126206). - RDMA/hns: Correct the value of srq_desc_size (bsc#1104427 ). - RDMA/hns: Fix to support 64K page for srq (bsc#1104427 ). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - RDMA/uverbs: Verify MR access flags (bsc#1103992). - crypto/dh: Adjust for change of DH_KPP_SECRET_MIN_SIZE in 35f7d5225ffcbf1b759f641aec1735e3a89b1914 - crypto/dh: Remove the fips=1 check in dh.c dh.c is not fips-specific and should perform the same regardless of this setting. - Revert 'HID: add NOGET quirk for Eaton Ellipse MAX UPS' (git-fixes). - Revert 'Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers' (bsc#1051510). - Revert 'ath10k: fix DMA related firmware crashes on multiple devices' (git-fixes). - Revert 'locking/pvqspinlock: Do not wait if vCPU is preempted' (bsc#1050549). - Revert 'mmc: sdhci: Fix incorrect switch to HS mode' (bsc#1051510). - Revert patches.suse/samples-bpf-add-a-test-for-bpf_override_return.patch (bsc#1159500) - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - SMB3: Fix persistent handles reconnect (bsc#1144333). - SUNRPC: Fix svcauth_gss_proxy_init() (bsc#1103992). - Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - USB: adutux: fix interface sanity check (bsc#1051510). - USB: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: fix check for duplicate endpoints (git-fixes). - USB: documentation: flags on usb-storage versus UAS (bsc#1051510). - USB: idmouse: fix interface sanity checks (bsc#1051510). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - USB: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - USB: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - USB: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - USB: serial: ir-usb: fix IrLAP framing (bsc#1051510). - USB: serial: ir-usb: fix link-speed handling (bsc#1051510). - USB: serial: keyspan: handle unbound ports (bsc#1051510). - USB: serial: opticon: fix control-message timeouts (bsc#1051510). - USB: serial: option: Add support for Quectel RM500Q (bsc#1051510). - USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - USB: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - USB: serial: quatech2: handle unbound ports (bsc#1051510). - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - USB: serial: suppress driver bind attributes (bsc#1051510). - USB: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - USB: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - Update patches.suse/powerpc-xive-Implement-get_irqchip_state-method-for-.patch (bsc#1085030). - af_packet: set defaule value for tmo (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: Correct the DMA direction for management tx buffers (bsc#1111666). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath10k: pci: Fix comment on ath10k_pci_dump_memory_sram (bsc#1111666). - ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe (bsc#1111666). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1159377). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1159377). - blk-mq: make sure that line break can be printed (bsc#1164098). - bnxt: apply computed clamp value for coalece parameter (bsc#1104745). - bnxt_en: Fix MSIX request logic for RDMA driver (bsc#1104745 ). - bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bnxt_en: Improve device shutdown method (bsc#1104745 ). - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bsc#1134090 jsc#SLE-5954). - bnxt_en: Return error if FW returns more data than dump length (bsc#1104745). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill (bsc#1109837). - bpf, offload: Unlock on error in bpf_offload_dev_create() (bsc#1109837). - bpf/sockmap: Read psock ingress_msg before sk_receive_queue (bsc#1083647). - bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() (bsc#1083647). - bpf: Fix incorrect verifier simulation of ARSH under ALU32 (bsc#1083647). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - bpf: Reject indirect var_off stack access in raw mode (bsc#1160618). - bpf: Reject indirect var_off stack access in unpriv mode (bco#1160618). - bpf: Sanity check max value for var_off stack access (bco#1160618). - bpf: Support variable offset stack access from helpers (bco#1160618). - bpf: add self-check logic to liveness analysis (bsc#1160618). - bpf: add verifier stats and log_level bit 2 (bsc#1160618). - bpf: improve stacksafe state comparison (bco#1160618). - bpf: improve verification speed by droping states (bsc#1160618). - bpf: improve verification speed by not remarking live_read (bsc#1160618). - bpf: improve verifier branch analysis (bsc#1160618). - bpf: increase complexity limit and maximum program size (bsc#1160618). - bpf: increase verifier log limit (bsc#1160618). - bpf: skmsg, fix potential psock NULL pointer dereference (bsc#1109837). - bpf: speed up stacksafe check (bco#1160618). - bpf: verifier: teach the verifier to reason about the BPF_JSET instruction (bco#1160618). - brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev() (bsc#1111666). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362 (bsc#1111666). - brcmfmac: set F2 watermark to 256 for 4373 (bsc#1111666). - brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 (bsc#1111666). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix deadlocks in autodisconnect work (bsc#1111666). - cfg80211: fix memory leak in cfg80211_cqm_rssi_update (bsc#1111666). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: add support for flock (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: imx: clk-composite-8m: add lock to gate/mux (git-fixes). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - core: Do not skip generic XDP program execution for cloned SKBs (bsc#1109837). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: caam/qi2 - fix typo in algorithm's driver name (bsc#1111666). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - devlink: report 0 after hitting end in region read (bsc#1109837). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero (bsc#1111666). - drm/amd/powerplay: remove set but not used variable 'us_mvdd' (bsc#1111666). - drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc (bsc#1111666). - drm/amdgpu: add function parameter description in 'amdgpu_device_set_cg_state' (bsc#1111666). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bsc#1111666). - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'invalid' (bsc#1111666). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915/gvt: Pin vgpu dma address before using (bsc#1112178) - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/gvt: set guest display buffer as readonly (bsc#1112178) - drm/i915/gvt: use vgpu lock for active state setting (bsc#1112178) - drm/i915/perf: add missing delay for OA muxes configuration (bsc#1111666). - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (bsc#1111666). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set (bsc#1111666). - drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV (bsc#1111666). - drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#1129770) Fixes a const function argument in the patch. - drm/i915: Sanity check mmap length against object size (bsc#1111666). - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm/msm: include linux/sched/task.h (bsc#1112178) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/bar/gf100: ensure BAR is mapped (bsc#1111666). - drm/nouveau/bar/nv50: check bar1 vmm return value (bsc#1111666). - drm/nouveau/mmu: qualify vmm during dtor (bsc#1111666). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rect: Avoid division by zero (bsc#1111666). - drm/rect: update kerneldoc for drm_rect_clip_scaled() (bsc#1111666). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/sun4i: hdmi: Remove duplicate cleanup calls (bsc#1113956) - drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model (bsc#1111666). - drm/sun4i: tcon: Set min division of TCON0_DCLK to 1 (bsc#1111666). - drm/ttm: ttm_tt_init_fields() can be static (bsc#1111666). - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1111666). - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: fix mount failure with quota configured as module (bsc#1164471). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - fix memory leak in large read decrypt offload (bsc#1144333). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hotplug/drc-info: Add code to search ibm,drc-info property (bsc#1157480 ltc#181028). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: Fix offset usage in netvsc_send_table() (bsc#1164598). - hv_netvsc: Fix send_table offset in case of a host bug (bsc#1164598). - hv_netvsc: Fix tx_table init in rndis_set_subchannel() (bsc#1164598). - hv_netvsc: Fix unwanted rx_table reset (bsc#1164598). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs (bsc#1163206). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ice: fix stack leakage (bsc#1118661). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/iova: Init the struct iova to fix the possible memleak (bsc#1160469). - iommu/mediatek: Correct the flush_iotlb_all callback (bsc#1160470). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipmi: Do not allow device module unload when in use (bsc#1154768). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: change monitor DMA to be coherent (bsc#1161243). - iwlwifi: clear persistence bit according to device family (bsc#1111666). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: force TCM re-evaluation on TCM resume (bsc#1111666). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - iwlwifi: pcie: fix erroneous print (bsc#1111666). - iwlwifi: trans: Clear persistence bit when starting the FW (bsc#1111666). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI fix for 'ipmi: Do not allow device module unload when in use' (bsc#1154768). - kABI fixup for alloc_dax_region (bsc#1158071,bsc#1160678). - kABI workaround for can/skb.h inclusion (bsc#1051510). - crypto/dh: Make sure the FIPS pubkey check is only executed in FIPS mode. - kABI: Protest new fields in BPF structs (bsc#1160618). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kabi/severities: Whitelist rpaphp_get_drc_props (bsc#1157480 ltc#181028). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - kvm: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - libnvdimm-fix-devm_nsio_enable-kabi.patch: Fixup compiler warning - libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (bsc#1153535). - libnvdimm/pfn: Account for PAGE_SIZE > info-block-size in nd_pfn_init() (bsc#1127682 bsc#1153535 ltc#175033 ltc#181834). - libnvdimm: Fix devm_nsio_enable() kabi (bsc#1153535). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: fix ieee80211_txq_setup_flows() failure path (bsc#1111666). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - md/raid0: Fix buffer overflow at debug print (bsc#1164051). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions (bsc#1143959) - mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374). - mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO (bsc#1112374). - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374). - mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel (bsc#1112374). - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci: Add a quirk for broken command queuing (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK (git-fixes). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - moduleparam: fix parameter description mismatch (bsc#1051510). - mqprio: Fix out-of-bounds access in mqprio_dump (bsc#1109837). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: delete unused mwifiex_get_intf_num() (bsc#1111666). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - mwifiex: update set_mac_address logic (bsc#1111666). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net, sysctl: Fix compiler warning when only cBPF is present (bsc#1109837). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: Fix wrong limitation for number of TX rings (bsc#1103989). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: Accumulate levels for chains prio namespaces (bsc#1103990). - net/mlx5: Fix lowest FDB pool size (bsc#1103990). - net/mlx5: IPsec, Fix esp modify function attribute (bsc#1103990 ). - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx (bsc#1103990). - net/mlx5: Update the list of the PCI supported devices (bsc#1127611). - net/mlx5: Update the list of the PCI supported devices (bsc#1127611). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Query global pause state before setting prio2buffer (bsc#1103990). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net/tls: fix async operation (bsc#1109837). - net/tls: free the record on encryption error (bsc#1109837). - net/tls: take into account that bpf_exec_tx_verdict() may free the record (bsc#1109837). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - net: Fix Tx hash bound checking (bsc#1109837). - net: add sendmsg_locked and sendpage_locked to af_inet6 (bsc#1144162). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: hns3: fix ETS bandwidth validation bug (bsc#1104353 ). - net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() (bsc#1104353). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net: sched: correct flower port blocking (git-fixes). - net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (bsc#1109837). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues (bsc#1109837). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: cherryview: Fix irq_valid_mask calculation (bsc#1111666). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/mellanox: fix potential deadlock in the tmfifo driver (bsc#1136333 jsc#SLE-4994). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/papr_scm: Do not enable direct map for a region by default (bsc#1129551). - powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths (bsc#1142685 ltc#179509). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Add cpu DLPAR support for drc-info property (bsc#1157480 ltc#181028). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/pseries: Enable support for ibm,drc-info property (bsc#1157480 ltc#181028). - powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry (bsc#1157480 ltc#181028). - powerpc/pseries: Fix drc-info mappings of logical cpus to drc-index (bsc#1157480 ltc#181028). - powerpc/pseries: Fix vector5 in ibm architecture vector table (bsc#1157480 ltc#181028). - powerpc/pseries: Revert support for ibm,drc-info devtree property (bsc#1157480 ltc#181028). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Enable support for ibm,drc-info devtree property (bsc#1157480 ltc#181028). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - pseries/drc-info: Search DRC properties for CPU indexes (bsc#1157480 ltc#181028). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - ptr_ring: add include of linux/mm.h (bsc#1109837). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Conflict with too old powerpc-utils (jsc#ECO-920, jsc#SLE-11054, jsc#SLE-11322). - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (bsc#1111666). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi-qla2xxx-Fix-qla2x00_request_irqs-for-MSI.patch - scsi-qla2xxx-fix-rports-not-being-mark-as-lost-in-sy.patch - scsi-qla2xxx-unregister-ports-after-GPN_FT-failure.patch - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1154601). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sfc: Remove 'PCIE error reporting unavailable' (bsc#1161472). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tun: add mutex_unlock() call and napi.skb clearing in tun_get_user() (bsc#1109837). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: roles: fix a potential use after free (git-fixes). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/amd_nb: Add PCI device IDs for family 17h, model 70h (bsc#1163206). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1060463 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1103989 SUSE bug 1103990 SUSE bug 1103991 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104745 SUSE bug 1105392 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112374 SUSE bug 1112504 SUSE bug 1113956 SUSE bug 1114279 SUSE bug 1114685 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1118661 SUSE bug 1123328 SUSE bug 1126206 SUSE bug 1127371 SUSE bug 1127611 SUSE bug 1127682 SUSE bug 1129551 SUSE bug 1129770 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134090 SUSE bug 1134973 SUSE bug 1136157 SUSE bug 1136333 SUSE bug 1140025 SUSE bug 1142685 SUSE bug 1143959 SUSE bug 1144162 SUSE bug 1144333 SUSE bug 1146539 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152107 SUSE bug 1152631 SUSE bug 1153535 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1154601 SUSE bug 1154768 SUSE bug 1154916 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157480 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157895 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158071 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158533 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159377 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159500 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160147 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160469 SUSE bug 1160470 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160618 SUSE bug 1160659 SUSE bug 1160678 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161243 SUSE bug 1161360 SUSE bug 1161472 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1161951 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163206 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164051 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164598 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165813 SUSE bug 1165881 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-16746 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19526 CVE-2019-19527 CVE-2019-19532 CVE-2019-19533 CVE-2019-19535 CVE-2019-19537 CVE-2019-19767 CVE-2019-19927 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). - CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). - CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1162629 SUSE bug 1162632 SUSE bug 1165280 SUSE bug 1165289 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in <use> elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1162501 CVE-2019-20446 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825). - CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860). - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1164692 SUSE bug 1164825 SUSE bug 1164860 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for salt fixes the following issues: - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - New configuration option for selection of grains in the minion start event. - Fix 'os_family' grain for Astra Linux Common Edition - Fix for salt-api NET API where unauthenticated attacker could run arbitrary code (CVE-2019-17361) (bsc#1162504) - Adds disabled parameter to mod_repo in aptpkg module Move token with atomic operation Bad API token files get deleted (bsc#1160931) - Support for Btrfs and XFS in parted and mkfs added - Adds list_downloaded for apt Module to enable pre-downloading support Adds virt.(pool|network)_get_xml functions - Various libvirt updates: * Add virt.pool_capabilities function * virt.pool_running improvements * Add virt.pool_deleted state * virt.network_define allow adding IP configuration - virt: adding kernel boot parameters to libvirt xml - Fix to scheduler when data['run'] does not exist (bsc#1159118) - Fix virt states to not fail on VMs already stopped - Fix applying of attributes for returner rawfile_json (bsc#1158940) - xfs: do not fail if type is not present (bsc#1153611) - Fix errors when running virt.get_hypervisor function - Align virt.full_info fixes with upstream Salt - Fix for log checking in x509 test - Read repo info without using interpolation (bsc#1135656) - Limiting M2Crypto to >= SLE15 - Replacing pycrypto with M2Crypto (bsc#1165425) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1135656 SUSE bug 1153611 SUSE bug 1157465 SUSE bug 1158940 SUSE bug 1159118 SUSE bug 1160931 SUSE bug 1162327 SUSE bug 1162504 SUSE bug 1165425 CVE-2019-17361 CVE-2019-18897 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-excon fixes the following issues: CVE-2019-16779 (boo#1159342): Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. Moderate SUSE bug 1159342 CVE-2019-16779 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wireshark and libmaxminddb fixes the following issues: Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include: - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1093733 SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 SUSE bug 1106514 SUSE bug 1111647 SUSE bug 1117740 SUSE bug 1121231 SUSE bug 1121232 SUSE bug 1121233 SUSE bug 1121234 SUSE bug 1121235 SUSE bug 1127367 SUSE bug 1127369 SUSE bug 1127370 SUSE bug 1131941 SUSE bug 1131945 SUSE bug 1136021 SUSE bug 1141980 SUSE bug 1150690 SUSE bug 1156288 SUSE bug 1158505 SUSE bug 1161052 SUSE bug 1165241 SUSE bug 1165710 SUSE bug 957624 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-12086 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10897 CVE-2019-10898 CVE-2019-10899 CVE-2019-10900 CVE-2019-10901 CVE-2019-10902 CVE-2019-10903 CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 CVE-2020-7044 CVE-2020-9428 CVE-2020-9429 CVE-2020-9430 CVE-2020-9431 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium to version 80.0.3987.149 fixes the following issues: Chromium was update to 80.0.3987.149 (bsc#1167090): - CVE-2020-6422: Fixed a use after free in WebGL. - CVE-2020-6424: Fixed a use after free in media. - CVE-2020-6425: Fixed an insufficient policy enforcement in extensions. - CVE-2020-6426: Fixed an inappropriate implementation in V8. - CVE-2020-6427: Fixed a use after free in audio. - CVE-2020-6428: Fixed a use after free in audio. - CVE-2020-6429: Fixed a use after free in audio. - CVE-2019-20503: Fixed an out of bounds read in usersctplib. - CVE-2020-6449: Fixed a use after free in audio. Important SUSE bug 1167090 CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: MozillaThunderbird was updated to 68.6.0 ESR (MFSA 2020-10 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910) . - Made cron script more failsafe (bsc#1150556) Non-security issue fixed: - Refreshed font map files on update (bsc#1155381) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1150556 SUSE bug 1155381 SUSE bug 1158910 SUSE bug 1159740 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1164459 CVE-2019-20479 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for skopeo fixes the following issues: Update to skopeo v0.1.41 (bsc#1165715): - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 - Bump github.com/containers/common from 0.0.7 to 0.1.4 - Remove the reference to openshift/api - vendor github.com/containers/image/v5@v5.2.0 - Manually update buildah to v1.13.1 - add specific authfile options to copy (and sync) command. - Bump github.com/containers/buildah from 1.11.6 to 1.12.0 - Add context to --encryption-key / --decryption-key processing failures - Bump github.com/containers/storage from 1.15.2 to 1.15.3 - Bump github.com/containers/buildah from 1.11.5 to 1.11.6 - remove direct reference on c/image/storage - Makefile: set GOBIN - Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7 - Bump github.com/containers/storage from 1.15.1 to 1.15.2 - Introduce the sync command - openshift cluster: remove .docker directory on teardown - Bump github.com/containers/storage from 1.14.0 to 1.15.1 - document installation via apk on alpine - Fix typos in doc for image encryption - Image encryption/decryption support in skopeo - make vendor-in-container - Bump github.com/containers/buildah from 1.11.4 to 1.11.5 - Travis: use go v1.13 - Use a Windows Nano Server image instead of Server Core for multi-arch testing - Increase test timeout to 15 minutes - Run the test-system container without --net=host - Mount /run/systemd/journal/socket into test-system containers - Don't unnecessarily filter out vendor from (go list ./...) output - Use -mod=vendor in (go {list,test,vet}) - Bump github.com/containers/buildah from 1.8.4 to 1.11.4 - Bump github.com/urfave/cli from 1.20.0 to 1.22.1 - skopeo: drop support for ostree - Don't critically fail on a 403 when listing tags - Revert 'Temporarily work around auth.json location confusion' - Remove references to atomic - Remove references to storage.conf - Dockerfile: use golang-github-cpuguy83-go-md2man - bump version to v0.1.41-dev - systemtest: inspect container image different from current platform arch Changes in v0.1.40: - vendor containers/image v5.0.0 - copy: add a --all/-a flag - System tests: various fixes - Temporarily work around auth.json location confusion - systemtest: copy: docker->storage->oci-archive - systemtest/010-inspect.bats: require only PATH - systemtest: add simple env test in inspect.bats - bash completion: add comments to keep scattered options in sync - bash completion: use read -r instead of disabling SC2207 - bash completion: support --opt arg completion - bash-completion: use replacement instead of sed - bash completion: disable shellcheck SC2207 - bash completion: double-quote to avoid re-splitting - bash completions: use bash replacement instead of sed - bash completion: remove unused variable - bash-completions: split decl and assignment to avoid masking retvals - bash completion: double-quote fixes - bash completion: hard-set PROG=skopeo - bash completion: remove unused variable - bash completion: use `||` instead of `-o` - bash completion: rm eval on assigned variable - copy: add --dest-compress-format and --dest-compress-level - flag: add optionalIntValue - Makefile: use go proxy - inspect --raw: skip the NewImage() step - update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f - inspect.go: inspect env variables - ostree: use both image and & storage buildtags Update to skopeo v0.1.39 (bsc#1159530): - inspect: add a --config flag - Add --no-creds flag to skopeo inspect - Add --quiet option to skopeo copy - New progress bars - Parallel Pulls and Pushes for major speed improvements - containers/image moved to a new progress-bar library to fix various issues related to overlapping bars and redundant entries. - enforce blocking of registries - Allow storage-multiple-manifests - When copying images and the output is not a tty (e.g., when piping to a file) print single lines instead of using progress bars. This avoids long and hard to parse output - man pages: add --dest-oci-accept-uncompressed-layers - completions: - Introduce transports completions - Fix bash completions when a option requires a argument - Use only spaces in indent - Fix completions with a global option - add --dest-oci-accept-uncompressed-layers This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159530 SUSE bug 1165715 CVE-2019-10214 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159003 SUSE bug 1166481 CVE-2019-18802 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat to version 9.0.30 fixes the following issues: Security issue fixed: - CVE-2019-12418: Fixed a local privilege escalation through by manipulating the RMI registry and performing a man-in-the-middle attack (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1139924 SUSE bug 1159723 SUSE bug 1159729 CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1163184 SUSE bug 1164505 SUSE bug 1165784 CVE-2020-10029 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mcpp fixes the following issues: - CVE-2019-14274: Fixed a heap-based buffer overflow in the do_msg() (boo#1143032) Moderate SUSE bug 1143032 CVE-2019-14274 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929 1164078). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162929 1162931). - CVE-2020-9383: An issue was discovered in the set_fdc in drivers/block/floppy.c that lead to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2 (bnc#1165111). - CVE-2019-19768: There was a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer) (bnc#1159285). The following non-security bugs were fixed: - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666). - ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666). - ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666). - ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666). - ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666). - ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666). - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666). - ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666). - ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666). - ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666). - ALSA: usb-audio: unlock on error in probe (bsc#1111666). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - Add CONFIG_RAID6_PQ_BENCHMARK=y in following config files for the above change, - EDAC, ghes: Make platform-based whitelisting x86-only (bsc#1158187). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - Enable the following two patches in series.conf, and refresh the KABI patch due to previous md commit (bsc#1119680), - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561). - PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL (bsc#1161561). - PCI/AER: Clear only ERR_FATAL status bits during fatal recovery (bsc#1161561). - PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery (bsc#1161561). - PCI/AER: Do not clear AER bits if error handling is Firmware-First (bsc#1161561). - PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561). - PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561). - PCI/AER: Take reference on error devices (bsc#1161561). - PCI/ERR: Run error recovery callbacks for all affected devices (bsc#1161561). - PCI/ERR: Use slot reset if available (bsc#1161561). - Update 'drm/i915: Wean off drm_pci_alloc/drm_pci_free' (bsc#1114279) This patch fixes ../drivers/gpu/drm/i915/i915_gem.c: In function 'i915_gem_object_get_pages_phys': ../drivers/gpu/drm/i915/i915_gem.c:232:2: warning: return makes pointer from integer without a cast [enabled by default] introduced by commit cde29f21f04985905600b14e6936f4f023329a99. - Update config files. CONFIG_IPX was set on ARM. Disable as on other archs. - [1/2,media] uvcvideo: Refactor teardown of uvc on USB disconnect (https://patchwork.kernel.org/patch/9683663/) (bsc#1164507) - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956) - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - config: enable BLK_DEV_SR_VENDOR on armv7hl (bsc#1164632) - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drm/amd/dm/mst: Ignore payload update failures (bsc#1112178) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes). - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (git-fixes). - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Program MBUS with rmw during initialization (git-fixes). - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets (git-fixes). - drm/sun4i: Fix DE2 VI layer format support (git-fixes). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (git-fixes). - drm: remove the newline for CRC source name (bsc#1051510). - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes). - firmware: imx: scu: Ensure sequential TX (git-fixes). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/amd: Remap the IOMMU device table with the memory encryption mask for kdump (bsc#1141895). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled (bsc#1141895). - kexec: Allocate decrypted control pages for kdump if SME is enabled (bsc#1141895). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields (bsc#1165929). - libnvdimm/pfn_dev: Do not clear device memmap area during generic namespace probe (bsc#1165929 bsc#1165950). - libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md-batch-flush-requests-kabi.patch - md-batch-flush-requests.patch - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md: change kabi fix patch name, from patches.kabi/md-batch-flush-requests-kabi.patch to patches.kabi/md-backport-kabi.patch - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix cleanup for linkgroup setup failures (git-fixes). - net/smc: no peer ID in CLC decline for SMCD (git-fixes). - net/smc: transfer fasync_list in case of fallback (git-fixes). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - nvme: Fix parsing of ANA log page (bsc#1166658). - nvme: Translate more status codes to blk_status_t (bsc#1156510). - nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510). - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - powerpc/pseries: fix of_read_drc_info_cell() to point at next record (bsc#1165980 ltc#183834). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - s390/pci: Fix unexpected write combine on resource (git-fixes). - s390/uv: Fix handling of length extensions (git-fixes). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - usb: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895). - x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1051510 SUSE bug 1056686 SUSE bug 1065729 SUSE bug 1111666 SUSE bug 1111974 SUSE bug 1112178 SUSE bug 1113956 SUSE bug 1114279 SUSE bug 1119680 SUSE bug 1141895 SUSE bug 1156510 SUSE bug 1158187 SUSE bug 1159285 SUSE bug 1161561 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1164078 SUSE bug 1164507 SUSE bug 1164632 SUSE bug 1165111 SUSE bug 1165741 SUSE bug 1165873 SUSE bug 1165929 SUSE bug 1165950 SUSE bug 1165980 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166658 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 CVE-2019-19768 CVE-2020-8647 CVE-2020-8649 CVE-2020-9383 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1140844 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1162396 SUSE bug 1164804 CVE-2012-6708 CVE-2015-9251 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-8130 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues: podman was updated to 1.8.0: - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829 bsc#1155217) - The name of the cni-bridge in the default config changed from 'cni0' to 'podman-cni0' with podman-1.6.0. Add a %trigger to rename the bridge in the system to the new default if it exists. The trigger is only excuted when updating podman-cni-config from something older than 1.6.0. This is mainly needed for SLE where we're updating from 1.4.4 to 1.8.0 (bsc#1160460). Update podman to v1.8.0 (bsc#1160460): * Features - The podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The podman untag command has been added to remove tags from images without deleting them - The podman inspect command on images now displays previous names they used - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers - Support for --log-opt tag= to set logging tags has been added to the journald log driver - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag - The podman play kube command now honors pull policy * Bugfixes - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost - Fixed a bug where the podman info command for remote Podman did not show registry information - Fixed a bug where the podman exec command did not support having input piped into it - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying - Fixed a bug where the podman container prune --force command could possible remove running containers if they were started while the command was running - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535 - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE - Fixed a bug where rootless Podman could not be run in a systemd service on systems using CGroups v2 - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set - Fixed a bug where podman-remote push would segfault - Fixed a bug where image healthchecks were not shown in the output of podman inspect - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names - Fixed a bug where podman history was not computing image sizes correctly - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be - Fixed a bug where the remote Podman client would append an extra ' to %PATH - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported * Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. Read more here - Many formatting corrections have been made to the manpages - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 - Updated vendored containers/storage to v1.15.8 - Updated vendored containers/image to v5.2.0 - Add apparmor-abstractions as required runtime dependency to have `tunables/global` available. - fixed the --force flag for the 'container prune' command. (https://github.com/containers/libpod/issues/4844) Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the --format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys='' - The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilizations figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory Update podman to v1.6.4 - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers - Suppress spurious log messages when running rootless Podman - Update vendored containers/storage to v1.13.6 - Fix a deadlock related to writing events - Do not use the journald event logger when it is not available Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the the container entrypoint is systemd * Bugfixes - Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. - The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashed on CGroups V2 systems (#3938) - Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect - Add katacontainers as a recommended package, and include it as an additional OCI runtime in the configuration. Update podman to v1.5.1 * Features - The hostname of pods is now set to the pod's name * Bugfixes - Fixed a bug where podman run and podman create did not honor the --authfile option (#3730) - Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container - Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf - Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795) - Fixed a bug where Podman would exit with an error if any configured hooks directory was not present - Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801) - Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete * Misc - Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781) - Podman now properly sets a user agent while contacting registries (#3788) - Add zsh completion for podman commands Update podman to v1.5.0 * Features - Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitary path with --userns=ns:$PATH - Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors - The podman generate kube command now produces YAML for any bind mounts the container has created (#2303) - The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host - Added the ability for podman events to output JSON by specifying --format=json - If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path - Added the ability to use podman import with URLs (#3609) - The podman ps command now supports filtering names using regular expressions (#3394) - Rootless Podman containers with --privileged set will now mount in all host devices that the user can access - The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container - Rootless Podman now supports healthchecks (#3523) - The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker - Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create - The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container - The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors - Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use * Bugfixes - Fixed a bug where a race condition could cause podman restart to fail to start containers with ports - Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at - Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher - Fixed a bug where podman play kube would not honor capabilities set in imported YAML (#3689) - Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648) - Fixed a bug where podman commit --changes would not properly set environment variables - Fixed a bug where Podman could segfault while working with images with no history - Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635) - Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs - Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553) - Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available - Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556) - Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver - Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped - Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525) - Fixed a bug where healthchecks using the HEALTHCHECK CMD format where not properly supported (#3507) - Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504) - Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524) - Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time - Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault (#3500) - Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455) - Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487) - Fixed a bug where restored containers would not have the correct SELinux label - Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified - Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715) - Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980) - Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547) - Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708) - Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616) - Fixed a bug where podman port would exit prematurely when a port number was specified (#3747) - Fixed a bug where passing . as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container * Misc - Updated vendored Buildah to v1.10.1 - Updated vendored containers/image to v3.0.2 - Updated vendored containers/storage to v1.13.1 - Podman now requires conmon v2.0.0 or higher - The podman info command now displays the events logger being in use - The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process - The -v short flag for podman --version has been re-added - Error messages from podman pull should be significantly clearer - The podman exec command is now available in the remote client - The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew. - Update libpod.conf to support latest path discovery feature for `runc` and `conmon` binaries. conmon was included in version 2.0.10. (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331): fuse-overlayfs was updated to v0.7.6 (bsc#1160460) - do not look in lower layers for the ino if there is no origin xattr set - attempt to use the file path if the operation on the fd fails with ENXIO - do not expose internal xattrs through listxattr and getxattr - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. - fix possible segmentation fault in direct_fsync() - use the data store to create missing whiteouts - after a rename, force a directory reload - introduce inodes cache - correctly read inode for unix sockets - avoid hash map lookup when possible - use st_dev for the ino key - check whether writeback is supported - set_attrs: don't require write to S_IFREG - ioctl: do not reuse fi->fh for directories - fix skip whiteout deletion optimization - store the new mode after chmod - support fuse writeback cache and enable it by default - add option to disable fsync - add option to disable xattrs - add option to skip ino number check in lower layers - fix fd validity check - fix memory leak - fix read after free - fix type for flistxattr return - fix warnings reported by lgtm.com - enable parallel dirops cni was updated to 0.7.1: - Set correct CNI version for 99-loopback.conf Update to version 0.7.1 (bsc#1160460): * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list Update to version 0.7.0: * Spec changes: + Use more RFC2119 style language in specification (must, should...) + add notes about ADD/DEL ordering + Make the container ID required and unique. + remove the version parameter from ADD and DEL commands. + Network interface name matters + be explicit about optional and required structure members + add CHECK method + Add a well-known error for 'try again' + SPEC.md: clarify meaning of 'routes' * Library changes: + pkg/types: Makes IPAM concrete type + libcni: return error if Type is empty + skel: VERSION shouldn't block on stdin + non-pointer instances of types.Route now correctly marshal to JSON + libcni: add ValidateNetwork and ValidateNetworkList functions + pkg/skel: return error if JSON config has no network name + skel: add support for plugin version string + libcni: make exec handling an interface for better downstream testing + libcni: api now takes a Context to allow operations to be timed out or cancelled + types/version: add helper to parse PrevResult + skel: only print about message, not errors + skel,invoke,libcni: implementation of CHECK method + cnitool: Honor interface name supplied via CNI_IFNAME environment variable. + cnitool: validate correct number of args + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0 + add PrintTo method to Result interface + Return a better error when the plugin returns none - Install sleep binary into CNI plugin directory cni-plugins was updated to 0.8.4: Update to version 0.8.4 (bsc#1160460): * add support for mips64le * Add missing cniVersion in README example * bump go-iptables module to v0.4.5 * iptables: add idempotent functions * portmap doesn't fail if chain doesn't exist * fix portmap port forward flakiness * Add Bruce Ma and Piotr Skarmuk as owners Update to version 0.8.3: * Enhancements: * static: prioritize the input sources for IPs (#400). * tuning: send gratuitous ARP in case of MAC address update (#403). * bandwidth: use uint64 for Bandwidth value (#389). * ptp: only override DNS conf if DNS settings provided (#388). * loopback: When prevResults are not supplied to loopback plugin, create results to return (#383). * loopback support CNI CHECK and result cache (#374). * Better input validation: * vlan: add MTU validation to loadNetConf (#405). * macvlan: add MTU validation to loadNetConf (#404). * bridge: check vlan id when loading net conf (#394). * Bugfixes: * bugfix: defer after err check, or it may panic (#391). * portmap: Fix dual-stack support (#379). * firewall: don't return error in DEL if prevResult is not found (#390). * bump up libcni back to v0.7.1 (#377). * Docs: * contributing doc: revise test script name to run (#396). * contributing doc: describe cnitool installation (#397). Update plugins to v0.8.2 + New features: * Support 'args' in static and tuning * Add Loopback DSR support, allow l2tunnel networks to be used with the l2bridge plugin * host-local: return error if same ADD request is seen twice * bandwidth: fix collisions * Support ips capability in static and mac capability in tuning * pkg/veth: Make host-side veth name configurable + Bug fixes: * Fix: failed to set bridge addr: could not add IP address to 'cni0': file exists * host-device: revert name setting to make retries idempotent (#357). * Vendor update go-iptables. Vendor update go-iptables to obtain commit f1d0510cabcb710d5c5dd284096f81444b9d8d10 * Update go.mod & go.sub * Remove link Down/Up in MAC address change to prevent route flush (#364). * pkg/ip unit test: be agnostic of Linux version, on Linux 4.4 the syscall error message is 'invalid argument' not 'file exists' * bump containernetworking/cni to v0.7.1 Updated plugins to v0.8.1: + Bugs: * bridge: fix ipMasq setup to use correct source address * fix compilation error on 386 * bandwidth: get bandwidth interface in host ns through container interface + Improvements: * host-device: add pciBusID property Updated plugins to v0.8.0: + New plugins: * bandwidth - limit incoming and outgoing bandwidth * firewall - add containers to firewall rules * sbr - convert container routes to source-based routes * static - assign a fixed IP address * win-bridge, win-overlay: Windows plugins + Plugin features / changelog: * CHECK Support * macvlan: - Allow to configure empty ipam for macvlan - Make master config optional * bridge: - Add vlan tag to the bridge cni plugin - Allow the user to assign VLAN tag - L2 bridge Implementation. * dhcp: - Include Subnet Mask option parameter in DHCPREQUEST - Add systemd unit file to activate socket with systemd - Add container ifName to the dhcp clientID, making the clientID value * flannel: - Pass through runtimeConfig to delegate * host-local: - host-local: add ifname to file tracking IP address used * host-device: - Support the IPAM in the host-device - Handle empty netns in DEL for loopback and host-device * tuning: - adds 'ip link' command related feature into tuning + Bug fixes & minor changes * Correctly DEL on ipam failure for all plugins * Fix bug on ip revert if cmdAdd fails on macvlan and host-device * host-device: Ensure device is down before rename * Fix -hostprefix option * some DHCP servers expect to request for explicit router options * bridge: release IP in case of error * change source of ipmasq rule from ipn to ip from version v0.7.5: + This release takes a minor change to the portmap plugin: * Portmap: append, rather than prepend, entry rules + This fixes a potential issue where firewall rules may be bypassed by port mapping This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1155217 SUSE bug 1160460 SUSE bug 1164390 CVE-2019-18466 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1162936 SUSE bug 1162937 SUSE bug 1163178 CVE-2020-8631 CVE-2020-8632 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Update to version 67.0.3575.97 - DNA-84063 Open URL in new tab with ‘Go to web address’ in search/copy popup and right mouse click context menu - DNA-84780 Search in Search and Copy popup opens tab in wrong position from popup window - DNA-84786 Crash at Browser::PasteAndGo(std::__1::basic_string const&, WindowOpenDisposition) - DNA-84815 Crash at TabStripModel::GetIndexOfWebContents (content::WebContents const*) - DNA-84937 [Mac] Workspace switching is slow with a lot of tabs opened - DNA-85159 Sidebar-setup not refreshed correctly after signing out from sync Update to version 67.0.3575.79 - CHR-7804 Update chromium on desktop-stable-80-3575 to 80.0.3987.132 - DNA-83766 Opera Ad Blocker extension state is not updated when changing it - DNA-83966 Enable kFeatureSuggestionScoringImproved on all the streams - DNA-84159 Settings – list of workspaces in the settings isn’t updated after reordering - DNA-84396 Inline autocomplete not working when SD becomes the top-scored suggestion - DNA-84711 Wrong autocomplete address for https sites - DNA-84741 No amazon partner extension displayed - DNA-84743 Crash at ExtensionsToolbarContainer::UndoPopOut() - DNA-84776 Bookmarks not fully displayed in Bookmarks Panel - DNA-84817 Crash at Browser::IsSearchAndCopyPopupEnabled() - DNA-84836 Broken video playback in some cases - DNA-84837 Audio decoder broken although available on Windows 7 - DNA-84860 [Mac] Address field not highlighted on hover - DNA-84889 [desktop-stable-80-3575] There’re no basic settings - DNA-84910 Fix output type selection of SW H.264 decoder - DNA-84938 Prepare stable build with Yx 05 edition - DNA-84969 Address bar dropdown launches HTTP GETs for every autocomplete Update to version 67.0.3575.53 - CHR-7792 Update chromium on desktop-stable-80-3575 to 80.0.3987.122 - DNA-84024 ‘Save all Tabs in Speed Dial Folder’ doesn’t work on main context menu - DNA-84056 Submenus are not scrollable - DNA-84061 Expanded bookmark menu overlaps the whole toolbar - DNA-84277 Whole text should be visible - DNA-84412 Dragging tab to different place activates another tab - DNA-84492 Disable any notifications for “default browser” from sweetlabs builds - DNA-84691 Crash when trying to open sidebar context menu - Update to version 67.0.3575.31 - DNA-84077 Hide seek and timer controls in video pop-out for YouTube live streams - DNA-84639 Promote O67 to stable - Complete Opera 67.0 changelog at: https://blogs.opera.com/desktop/changelog-for-67/ Update to version 66.0.3515.103 - DNA-83528 UnpackTest.CanUnpackTarXzFile test fails on OSX 10.15+ - DNA-83568 Add test driver perftests - DNA-84335 [Linux] Widevine is not working due to changed path of libwidevinecdm.so - DNA-84439 Opera extensions update requests are sent to chrome instead of opera servers Update to version 66.0.3515.72 - DNA-79691 Unable to play video on Netflix right after Opera installation - DNA-82102 Wrong cursor and X color of the search fields on Bookmark/History sidebar panels - DNA-82722 Google Translator blocks PDF viewer - DNA-83407 Crash at static void `anonymous namespace”::PureCall() - DNA-83530 Bad colors in Personal news when dark theme turned on - DNA-83531 Dragging speed dial root folders in bookmarks sidebar makes duplicates - DNA-83542 Fix background tabs loading issues - DNA-83806 Crash at opera::RichHintDisplayHandlerViews:: OnWidgetDestroying(views::Widget*) - DNA-83882 Crash at base::Value::Clone() - DNA-84007 Accessibility elements visible on pages after first navigation on Mac Update to version 66.0.3515.44 - CHR-7734 Update chromium on desktop-stable-79-3515 to 79.0.3945.130 - DNA-82635 [Mac] Fix crash when opening power save popup twice - DNA-83587 Fix Crash at opera::ThumbnailHelper::ThumbnailRequest::PopNextFrameToPaint() - DNA-83698 Unregister extensions keybindings when sidebar is hidden - DNA-83757 Stop making thumbnail after history onboarding will show Update to version 66.0.3515.36 - CHR-7717 Update chromium on desktop-stable-79-3515 to 79.0.3945.117 - DNA-81359 Translate “Speed Dials” folder in bookmarks panel - DNA-82627 Unify & streamline tooltip color processing across Opera. - DNA-82800 Enable kFeatureTurnOnFeaturesDownloadedByInstallerOnUpdates on all streams - DNA-83190 Record SwitchToFullSite events on icon clicks. - DNA-83496 Check if history-panel is enabled before showing onboarding. - DNA-83545 Fix a crash in adblocker rule update - DNA-83583 [Mac] Bookmark popup too bright in dark mode - DNA-83608 Set “plat” metadata in crash reports from Linux. Update to version 66.0.3515.27 - DNA-82683 Bookmarks menu is not readable in dark mode after hovering - DNA-83139 [macOS] screenshot is resized - DNA-83204 [Mac] Anchor onboarding widget to history icon on sidebar - DNA-83205 [Mac] Popup looks bad with mode change - DNA-83351 Enable feature on stable/beta - DNA-83366 [Mac] Onboarding popup doesn’t follow the browser window - DNA-83402 Promote O66 to stable - Complete Opera 66.0 changelog at: https://blogs.opera.com/desktop/changelog-for-66/ Update to version 65.0.3467.69 - DNA-82647 Tab icons mixed after Tab closing - DNA-82919 Update wrapper to skip package types when creating repo - DNA-82967 [Mac] Opera crashes on dragging the SSL icon on the URL Bar Moderate cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for strongswan fixes the following issues: Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed: - CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation (bsc#1079548). Full changelogs: Version 5.8.2 * Identity-based CA constraints, which enforce that the certificate chain of the remote peer contains a CA certificate with a specific identity, are supported via vici/swanctl.conf. This is similar to the existing CA constraints but doesn't require that the CA certificate is locally installed, for instance, intermediate CA certificates received from the peers. Wildcard identity matching (e.g. ..., OU=Research, CN=*) could also be used for the latter but requires trust in the intermediate CAs to only issue certificates with legitimate subject DNs (e.g. the 'Sales' CA must not issue certificates with OU=Research). With the new constraint that's not necessary as long as a path length basic constraint (--pathlen for pki --issue) prevents intermediate CAs from issuing further intermediate CAs. * Intermediate CA certificates may now be sent in hash-and-URL encoding by configuring a base URL for the parent CA (#3234, swanctl/rw-hash-and-url-multi-level). * Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG) based on AES-CTR and SHA2-HMAC modes. Currently used by the gmp and ntru plugins. * Random nonces sent in an OCSP requests are now expected in the corresponding OCSP responses. * The kernel-netlink plugin now ignores deprecated IPv6 addresses for MOBIKE. Whether temporary or permanent IPv6 addresses are included now depends on the charon.prefer_temporary_addrs setting (#3192). * Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the kernel. * The PF_KEY socket's receive buffer in the kernel-pfkey plugin is now cleared before sending requests, as many of the messages sent by the kernel are sent as broadcasts to all PF_KEY sockets. This is an issue if an external tool is used to manage SAs/policies unrelated to IPsec (#3225). * The vici plugin now uses unique section names for CHILD_SAs in child-updown events (7c74ce9190). * For individually deleted CHILD_SAs (in particular for IKEv1) the vici child-updown event now includes more information about the CHILD_SAs such as traffic statistics (#3198). * Custom loggers are correctly re-registered if log levels are changed via stroke loglevel (#3182). * Avoid lockups during startup on low entropy systems when using OpenSSL 1.1.1 (095a2c2eac). * Instead of failing later when setting a key, creating HMACs via openssl plugin now fails instantly if the underlying hash algorithm isn't supported (e.g. MD5 in FIPS-mode) so fallbacks to other plugins work properly (#3284). * Exponents of RSA keys read from TPM 2.0 via SAPI are correctly converted (8ee1242f1438). * Routing table IDs > 255 are supported for custom routes on Linux. * To avoid races, the check for hardware offloading support in the kernel-netlink plugin is performed during initialization of the plugin (a605452c03). * The D-Bus config file for charon-nm is now installed in $(datadir)/dbus-1/system.d instead of $(sysconfdir)/dbus-1/system.d, which is intended for sysadmin overrides. INVALID_MAJOR_VERSION notifies are now correctly sent in messages of the same exchange type and with the same message ID as the request. * IKEv2 SAs are now immediately destroyed when sending or receiving INVALID_SYNTAX notifies in authenticated messages. * For developers working from the repository the configure script now aborts if GNU gperf is not found. Version 5.8.1 * RDNs in DNs of X.509 certificates can now optionally be matched less strict. The global strongswan.conf option charon.rdn_matching takes two alternative values that cause the matching algorithm to either ignore the order of matched RDNs (reordered) or additionally (relaxed) accept DNs that contain more RDNs than configured (unmatched RDNs are treated like wildcard matches). * The updown plugin now passes the same interface to the script that is also used for the automatically installed routes, that is, the interface over which the peer is reached instead of the interface on which the local address is found (#3095). * TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple IKE_SAs use the same private key concurrently (4b25885025). * Do a rekey check after the third QM message was received (#3060). * If available, explicit_bzero() is now used as memwipe() instead of our own implementation. * An .editorconfig file has been added, mainly so Github shows files with proper indentation (68346b6962). * The internal certificate of the load-tester plugin has been modified so it can again be used as end-entity cert with 5.6.3 and later (#3139). * The maximum data length of received COOKIE notifies (64 bytes) is now enforced (#3160). Version 5.8.0 * The systemd service units have been renamed. The modern unit, which was called strongswan-swanctl, is now called strongswan (the previous name is configured as alias in the unit, for which a symlink is created when the unit is enabled). The legacy unit is now called strongswan-starter. * Support for XFRM interfaces (available since Linux 4.19) has been added, which are intended to replace VTI devices (they are similar but offer several advantages, for instance, they are not bound to an address or address family). * IPsec SAs and policies are associated with such interfaces via interface IDs that can be configured in swanctl.conf (dynamic IDs may optionally be allocated for each SA and even direction). It's possible to use separate interfaces for in- and outbound traffic (or only use an interface in one direction and regular policies in the other). * Interfaces may be created dynamically via updown/vici scripts, or statically before or after establishing the SAs. Routes must be added manually as needed (the daemon will not install any routes for outbound policies with an interface ID). * When moving XFRM interfaces to other network namespaces they retain access to the SAs and policies installed in the original namespace, which allows providing IPsec tunnels for processes in other network namespaces without giving them access to the IPsec keys or IKE credentials. More information can be found on the page about route-based VPNs. * Initiation of childless IKE_SAs is supported (RFC 6023). If enabled and supported by the responder, no CHILD_SA is established during IKE_AUTH. Instead, all CHILD_SAs are created with CREATE_CHILD_SA exchanges. This allows using a separate DH exchange even for the first CHILD_SA, which is otherwise created during IKE_AUTH with keys derived from the IKE_SA's key material. * The swanctl --initiate command may be used to initiate only the IKE_SA via --ike option if --child is omitted and the peer supports this extension. * The NetworkManager backend and plugin support IPv6. * The new wolfssl plugin is a wrapper around the wolfSSL crypto library. Thanks to Sean Parkinson of wolfSSL Inc. for the initial patch. * IKE SPIs may optionally be labeled via the charon.spi_mask|label options in strongswan.conf. This feature was extracted from charon-tkm, however, now applies the mask/label in network order. * The openssl plugin supports ChaCha20-Poly1305 when built with OpenSSL 1.1.0. * The PB-TNC finite state machine according to section 3.2 of RFC 5793 was not correctly implemented when sending either a CRETRY or SRETRY batch. These batches can only be sent in the 'Decided' state and a CRETRY batch can immediately carry all messages usually transported by a CDATA batch. It is currently not possible to send a SRETRY batch since full-duplex mode for PT-TLS transport is not supported. * Instead of marking IPv6 virtual IPs as deprecated, the kernel-netlink plugin now uses address labels to avoid that such addresses are used for non-VPN traffic (00a953d090). * The agent plugin now creates sockets to the ssh/gpg-agent dynamically and does not keep them open, which otherwise might prevent the agent from getting terminated. * To avoid broadcast loops the forecast plugin now only reinjects packets that are marked or received from the configured interface. * UTF-8 encoded passwords are supported via EAP-MSCHAPv2, which internally uses an UTF-16LE encoding to calculate the NT hash (#3014). * Properly delete temporary drop policies (used when updating IP addresses of SAs) if manual priorities are used, which was broken since 5.6.2 (8e31d65730). * Avoid overwriting start_action when parsing the inactivity timeout in the vici plugin (#2954). * Fixed the automatic termination of reloaded vici connections with start_action=start, which was broken since 5.6.3 (71b22c250f). * The lookup for shared secrets for IKEv1 SAs via sql plugin should now work better (6ec9f68f32). * Fixed a race condition in the trap manager between installation and removal of a policy (69cbe2ca3f). * The IPsec stack detection and module loading in starter has been removed (it wasn't enforced anyway and loading modules doesn't seem necessary, also KLIPS hasn't been supported for a long time and PF_KEY will eventually be removed from the Linux kernel, ba817d2917). * Several IKEv2 protocol details are now handled more strictly: Unrequested virtual IPs are ignored, CFG_REPLY payloads are ignored if no CFG_REQUEST payloads were sent, a USE TRANSPORT_MODE notify received from the responder is checked against the local configuration. * The keys and certificates used by the scenarios in the testing environment are now generated dynamically. Running the testing/scripts/build-certs script after creating the base and root images uses the pki utility installed in the latter to create the keys and certificates for all the CAs and in some cases for individual scenarios. These credentials are stored in the source tree, not the image, so this has to be called only once even if the images are later rebuilt. The script automatically (re-)rebuilds the guest images as that generates fresh CRLs and signs the DNS zones. The only keys/certificates currently not generated are the very large ones used by the ikev2/rw-eap-tls-fragments scenario. Version 5.7.2 * For RSA with PSS padding, the TPM 2.0 specification mandates the maximum salt length (as defined by the length of the key and hash). However, if the TPM is FIPS-168-4 compliant, the salt length equals the hash length. This is assumed for FIPS-140-2 compliant TPMs, but if that's not the case, it might be necessary to manually enable charon.plugins.tpm.fips_186_4 if the TPM doesn't use the maximum salt length. * Directories for credentials loaded by swanctl are now accessed relative to the loaded swanctl.conf file, in particular, when loading it from a custom location via --file argument. * The base directory, which is used if no custom location for swanctl.conf is specified, is now also configurable at runtime via SWANCTL_DIR environment variable. * If RADIUS Accounting is enabled, the eap-radius plugin will add the session ID (Acct-Session-Id) to Access-Request messages, which e.g. simplifies associating database entries for IP leases and accounting with sessions (the session ID does not change when IKE_SAs are rekeyed, #2853). * All IP addresses assigned by a RADIUS server are included in Accounting-Stop messages even if the client did not claim them, allowing to release them early in case of connection errors (#2856). * Selectors installed on transport mode SAs by the kernel-netlink plugin are now updated if an IP address changes (e.g. via MOBIKE) and it was part of the selectors. * No deletes are sent anymore when a rekeyed CHILD_SA expires (#2815). * The bypass-lan plugin now tracks interfaces to handle subnets that move from one interface to another and properly update associated routes (#2820). * Only valid and expected inbound IKEv2 messages are used to update the timestamp of the last received message (previously, retransmits also triggered an update). * IKEv2 requests from responders are now ignored until the IKE_SA is fully established (e.g. if a DPD request from the peer arrives before the IKE_AUTH response does, 46bea1add9). Delayed IKE_SA_INIT responses with COOKIE notifies we already recevied are ignored, they caused another reset of the IKE_SA previously (#2837). * Active and queued Quick Mode tasks are now adopted if the peer reauthenticates an IKEv1 SA while creating lots of CHILD_SAs. * Newer versions of the FreeBSD kernel add an SADB_X_EXT_SA2 extension to SADB_ACQUIRE messages, which allows the kernel-pfkey plugin to determine the reqid of the policy even if it wasn't installed by the daemon previously (e.g. when using FreeBSD's if_ipsec(4) VTIs, which install policies themselves, 872b9b3e8d). * Added support for RSA signatures with SHA-256 and SHA-512 to the agent plugin. For older versions of ssh/gpg-agent that only support SHA-1, IKEv2 signature authentication has to be disabled via charon.signature_authentication. * The sshkey and agent plugins support Ed25519/Ed448 SSH keys and signatures. * The openssl plugin supports X25519/X448 Diffie-Hellman and Ed25519/Ed448 keys and signatures when built against OpenSSL 1.1.1. * Support for Ed25519, ChaCha20/Poly1305, SHA-3 and AES-CCM were added to the botan plugin. * The mysql plugin now properly handles database connections with transactions under heavy load (#2779). * IP addresses in ha pools are now distributed evenly among all segments (#2828). * Private key implementations may optionally provide a list of supported signature schemes, which, as described above, is used by the tpm plugin because for each key on a TPM 2.0 the hash algorithm and for RSA also the padding scheme is predefined. * The testing environment is now based on Debian 9 (stretch) by default. This required some changes, in particular, updating to FreeRADIUS 3.x (which forced us to abandon the TNC@FHH patches and scenarios, 2fbe44bef3) and removing FIPS-enabled versions of OpenSSL (the FIPS module only supports OpenSSL 1.0.2). * Most test scenarios were migrated to swanctl. Version 5.7.1 * Fixes a vulnerability in the gmp plugin triggered by crafted certificates with RSA keys with very small moduli. When verifying signatures with such keys, the code patched with the fix for CVE-2018-16151/2 caused an integer underflow and subsequent heap buffer overflow that results in a crash of the daemon. * The vulnerability has been registered as CVE-2018-17540. Version 5.7.0 * Fixes a potential authorization bypass vulnerability in the gmp plugin that was caused by a too lenient verification of PKCS#1 v1.5 signatures. Several flaws could be exploited by a Bleichenbacher-style attack to forge signatures for low-exponent keys (i.e. with e=3). * CVE-2018-16151 has been assigned to the problem of accepting random bytes after the OID of the hash function in such signatures, and CVE-2018-16152 has been assigned to the issue of not verifying that the parameters in the ASN.1 algorithmIdentitifer structure is empty. Other flaws that don't lead to a vulnerability directly (e.g. not checking for at least 8 bytes of padding) have no separate CVE assigned. * Dots are not allowed anymore in section names in swanctl.conf and strongswan.conf. This mainly affects the configuration of file loggers. If the path for such a log file contains dots it now has to be configured in the new path setting within the arbitrarily renamed subsection in the filelog section. * Sections in swanctl.conf and strongswan.conf may now reference other sections. All settings and subsections from such a section are inherited. This allows to simplify configs as redundant information has only to be specified once and may then be included in other sections (see strongswan.conf for an example). * The originally selected IKE config (based on the IPs and IKE version) can now change if no matching algorithm proposal is found. This way the order of the configs doesn't matter that much anymore and it's easily possible to specify separate configs for clients that require weaker algorithms (instead of having to also add them in other configs that might be selected). * Support for Postquantum Preshared Keys for IKEv2 (draft-ietf-ipsecme-qr-ikev2) has been added. For an example refer to the swanctl/rw-cert-ppk scenario (or with EAP, or PSK authentication). * The new botan plugin is a wrapper around the Botan C++ crypto library. It requires a fairly recent build from Botan's master branch (or the upcoming 2.8.0 release). Thanks to Ren? Korthaus and his team from Rohde & Schwarz Cybersecurity for the initial patch and to Jack Lloyd for quickly adding missing functions to Botan's FFI (C89) interface. * Implementation of RFC 8412 'Software Inventory Message and Attributes (SWIMA) for PA-TNC'. * SWIMA subscription option sets CLOSE_WRITE trigger on apt history.log file resulting in a ClientRetry PB-TNC batch to initialize a new measurement cycle. The new imv/imc-swima plugins replace the previous imv/imc-swid plugins, which were removed. * Added support for fuzzing the PA-TNC (RFC 5792) and PB-TNC (RFC 5793) NEA protocols on Google's OSS-Fuzz infrastructure. * Support for version 2 of Intel's TPM2-TSS TGC Software Stack. The presence of the in-kernel /dev/tpmrm0 resource manager is automatically detected. * The pki tool accepts a xmppAddr otherName as a subjectAlternativeName using the syntax --san xmppaddr:<jid>. * swanctl.conf supports the configuration of marks the in- and/or outbound SA should apply to packets after processing on Linux. Configuring such a mark for outbound SAs requires at least a 4.14 kernel. The ability to set a mask and configuring a mark/mask for inbound SAs will be added with the upcoming 4.19 kernel. * New options in swanctl.conf allow configuring how/whether DF, ECN and DS fields in the IP headers are copied during IPsec processing. Controlling this is currently only possible on Linux. * The handling of sequence numbers in IKEv1 DPDs has been improved (#2714). * To avoid conflicts, the dhcp plugin now only uses the DHCP server port if explicitly configured. Version 5.6.3 * Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF. This vulnerability has been registered as CVE-2018-10811. * Fixed a vulnerability in the stroke plugin, which did not check the received length before reading a message from the socket. Unless a group is configured, root privileges are required to access that socket, so in the default configuration this shouldn't be an issue. This vulnerability has been registered as CVE-2018-5388. * CRLs that are not yet valid are now ignored to avoid problems in scenarios where expired certificates are removed from new CRLs and the clock on the host doing the revocation check is trailing behind that of the host issuing CRLs. Not doing this could result in accepting a revoked and expired certificate, if it's still valid according to the trailing clock but not contained anymore in not yet valid CRLs. * The issuer of fetched CRLs is now compared to the issuer of the checked certificate (#2608). * CRL validation results other than revocation (e.g. a skipped check because the CRL couldn't be fetched) are now stored also for intermediate CA certificates and not only for end-entity certificates, so a strict CRL policy can be enforced in such cases. * In compliance with RFC 4945, section 5.1.3.2, certificates used for IKE must now either not contain a keyUsage extension (like the ones generated by pki), or have at least one of the digitalSignature or nonRepudiation bits set. * New options for vici/swanctl allow forcing the local termination of an IKE_SA. This might be useful in situations where it's known the other end is not reachable anymore, or that it already removed the IKE_SA, so retransmitting a DELETE and waiting for a response would be pointless. * Waiting only a certain amount of time for a response (i.e. shorter than all retransmits would be) before destroying the IKE_SA is also possible by additionally specifying a timeout in the forced termination request. * When removing routes, the kernel-netlink plugin now checks if it tracks other routes for the same destination and replaces the installed route instead of just removing it. Same during installation, where existing routes previously weren't replaced. This should allow using traps with virtual IPs on Linux (#2162). * The dhcp plugin now only sends the client identifier DHCP option if the identity_lease setting is enabled (7b660944b6). It can also send identities of up to 255 bytes length, instead of the previous 64 bytes (30e886fe3b, 0e5b94d038). If a server address is configured, DHCP requests are now sent from port 67 instead of 68 to avoid ICMP port unreachables (becf027cd9). * The handling of faulty INVALID_KE_PAYLOAD notifies (e.g. one containing a DH group that wasn't proposed) during CREATE_CHILD_SA exchanges has been improved (#2536). * Roam events are now completely ignored for IKEv1 SAs (there is no MOBIKE to handle such changes properly). * ChaCha20/Poly1305 is now correctly proposed without key length (#2614). For compatibility with older releases the chacha20poly1305compat keyword may be included in proposals to also propose the algorithm with a key length (c58434aeff). * Configuration of hardware offload of IPsec SAs is now more flexible and allows a new setting (auto), which automatically uses it if the kernel and device both support it. If hw offload is set to yes and offloading is not supported, the CHILD_SA installation now fails. * The kernel-pfkey plugin optionally installs routes via internal interface (one with an IP in the local traffic selector). On FreeBSD, enabling this selects the correct source IP when sending packets from the gateway itself (e811659323). * SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1 (#2574). * The pki --verify tool may load CA certificates and CRLs from directories. * The IKE daemon now also switches to port 4500 if the remote port is not 500 (e.g. because the remote maps the response to a different port, as might happen on Azure), as long as the local port is 500 (85bfab621d). * Fixed an issue with DNS servers passed to NetworkManager in charon-nm (ee8c25516a). * Logged traffic selectors now always contain the protocol if either protocol or port are set (a36d8097ed). * Only the inbound SA/policy will be updated as reaction to IP address changes for rekeyed CHILD_SAs that are kept around. * The parser for strongswan.conf/swanctl.conf now accepts = characters in values without having to put the value in quotes (e.g. for Base64 encoded shared secrets). Notes for developers: * trap_manager_t: Trap policies are now unistalled by peer/child name and not the reqid. * No reqid is returned anymore when installing trap policies. * child_sa_t: A new state (CHILD_DELETED) is used for CHILD_SAs that have been deleted but not yet destroyed (after a rekeying CHILD_SAs are kept around for a while to process delayed packets). This way child_updown events are not triggered anymore for such SAs when an IKE_SA that has such CHILD_SAs assigned is deleted. Version 5.6.2 * Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation. One of the configurable parameters in algorithm identifier structures for RSASSA-PSS signatures is the mask generation function (MGF). Only MGF1 is currently specified for this purpose. However, this in turn takes itself a parameter that specifies the underlying hash function. strongSwan's parser did not correctly handle the case of this parameter being absent, causing an undefined data read. This vulnerability has been registered as CVE-2018-6459. * When rekeying IKEv2 IKE_SAs the previously negotiated DH group will be reused, instead of using the first configured group, which avoids an additional exchange if the peer previously selected a different DH group via INVALID_KE_PAYLOAD notify. The same is also done when rekeying CHILD_SAs except for the first rekeying of the CHILD_SA that was created with the IKE_SA, where no DH group was negotiated yet. Also, the selected DH group is moved to the front in all sent proposals that contain it and all proposals that don't are moved to the back in order to convey the preference for this group to the peer. * Handling of MOBIKE task queuing has been improved. In particular, the response to an address update (with NAT-D payloads) is not ignored anymore if only an address list update or DPD is queued as that could prevent updating the UDP encapsulation in the kernel. * On Linux, roam events may optionally be triggered by changes to the routing rules, which can be useful if routing rules (instead of e.g. route metrics) are used to switch from one to another interface (i.e. from one to another routing table). Since routing rules are currently not evaluated when doing route lookups this is only useful if the kernel-based route lookup is used (4664992f7d). * The fallback drop policies installed to avoid traffic leaks when replacing addresses in installed policies are now replaced by temporary drop policies, which also prevent acquires because we currently delete and reinstall IPsec SAs to update their addresses (35ef1b032d). * Access X.509 certificates held in non-volatile storage of a TPM 2.0 referenced via the NV index. Adding the --keyid parameter to pki --print allows to print private keys or certificates stored in a smartcard or a TPM 2.0. * Fixed proposal selection if a peer incorrectly sends DH groups in the ESP proposal during IKE_AUTH and also if a DH group is configured in the local ESP proposal and charon.prefer configured_proposals is disabled (d058fd3c32). * The lookup for PSK secrets for IKEv1 has been improved for certain scenarios (see #2497 for details). * MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g. AES-XCBC-PRF-128, see 73cbce6013). * The tpm_extendpcr command line tool extends a digest into a TPM PCR. * Ported the NetworkManager backend from the deprecated libnm-glib to libnm. * The save-keys debugging/development plugin saves IKE and/or ESP keys to files compatible with Wireshark. Version 5.6.1 * Several algorithms were removed from the default ESP/AH and IKE proposals in compliance with RFC 8221 and RFC 8247, respectively. Removed from the default ESP/AH proposal were the 3DES and Blowfish encryption algorithms and the HMAC-MD5 integrity algorithm. From the IKE default proposal the HMAC-MD5 integrity algorithm and the MODP-1024 Diffie-Hellman group were removed (the latter is significant for Windows clients in their default configuration). These algorithms may still be used in custom proposals. * Support for RSASSA-PSS signatures has been added. For compatibility with previous releases they are currently not used automatically, by default, to change that charon.rsa_pss may be enabled. To explicitly use or require such signatures during IKEv2 signature authentication (RFC 7427) ike:rsa/pss... authentication constraints may be used for specific connections (regardless of whether the strongswan.conf option above is enabled). Only the hash algorithm can be specified in such constraints, the MGF1 will be based on that hash and the salt length will equal the hash length (when verifying the salt length is not enforced). To enforce such signatures during PKI verification use rsa/pss... authentication constraints. * All pki commands that create certificates/CRLs can be made to sign with RSASSA-PSS instead of the classing PKCS#1 scheme with the --rsa-padding pss option. As with signatures during authentication, only the hash algorithm is configurable (via --digest option), the MGF1 will be based on that and the salt length will equal the hash length. * These signatures are supported by all RSA backends except pkcs11 (i.e. gmp, gcrypt, openssl). The gmp plugin requires the mgf1 plugin. Note that RSASSA-PSS algorithm identifiers and parameters in keys (public keys in certificates or private keys in PKCS#8 files) are currently not used as constraints. * The sec-updater tool checks for security updates in dpkg-based repositories (e.g. Debian/Ubuntu) and sets the security flags in the IMV policy database accordingly. Additionally for each new package version a SWID tag for the given OS and HW architecture is created and stored in the database. * Using the sec-updater.sh script template the lookup can be automated (e.g. via an hourly cron job). * When restarting an IKEv2 negotiation after receiving an INVALID_KE_PAYLOAD notify (or due to other reasons like too many retransmits) a new initiator SPI is allocated. This prevents issues caused by retransmits for IKE_SA_INIT messages. * Because the initiator SPI was previously reused when restarting the connection delayed responses for previous connection attempts were processed and might have caused fatal errors due to a failed DH negotiation or because of the internal retry counter in the ike-init task. For instance, if we proposed a DH group the responder rejected we might have later received delayed responses that either contained INVALID_KE_PAYLOAD notifies with the DH group we already switched to, or, if we retransmitted an IKE_SA_INIT with the requested group but then had to restart again, a KE payload with a group different from the one we proposed. * The introduction of file versions in the IMV database scheme broke file reference hash measurements. This has been fixed by creating generic product versions having an empty package name. * A new timeout option for the systime-fix plugin stops periodic system time checks after a while and enforces a certificate verification, closing or reauthenticating all SAs with invalid certificates. * The IKE event counters, previously only available via ipsec listcounters command, may now also be queried and reset via vici and the new swanctl --counters command. They are collected and provided by the optional counters plugin (enabled by default for backwards compatibility if the stroke plugin is built). * Class attributes received in RADIUS Access-Accept messages may optionally be added to RADIUS accounting messages (655924074b). * Basic support for systemd sockets has been added, which may be used for privilege separation (59db98fb94). * Inbound marks may optionally be installed in the SA again (was removed with 5.5.2) by enabling the mark_in_sa option in swanctl.conf. * The timeout of leases in pools configured via pool utility may be configured in other units than hours. INITIAL_CONTACT notifies are now only omitted if never is configured as uniqueness policy. * Outbound FWD policies for shunts are not installed anymore, by default (as is the case for other policies since 5.5.1). * Don't consider a DH group mismatch during CHILD_SA rekeying as failure as responder (e7276f78aa). * Handling of fragmented IPv4 and IPv6 packets in libipsec has been improved (e138003de9). * Trigger expire events for the correct IPsec SA in libipsec (6e861947a0). * A crash in CRL verification via openssl plugin using OpenSSL 1.1 has been fixed (78acaba6a1). * No hard-coded default proposals are passed from starter to the stroke plugin anymore (the IKE proposal used curve25519 since 5.5.2, which is an optional plugin). * A workaround for an issue with virtual IPs on macOS 10.13 (High Sierra) has been added (039b85dd43). * Handling of IKE_SA rekey collisions in charon-tkm has been fixed. * Instead of failing or just silently doing nothing unit tests may now warn about certain conditions (e.g. if a test was not executed due to external dependencies). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1079548 CVE-2018-6459 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin to version 4.9.5 fixes the following issues: - phpmyadmin was updated to 4.9.5: - CVE-2020-10804: Fixed an SQL injection in the user accounts page, particularly when changing a password (boo#1167335 PMASA-2020-2). - CVE-2020-10802: Fixed an SQL injection in the search feature (boo#1167336 PMASA-2020-3). - CVE-2020-10803: Fixed an SQL injection and XSS when displaying results (boo#1167337 PMASA-2020-4). - Removed the 'options' field for the external transformation. Moderate SUSE bug 1167335 SUSE bug 1167336 SUSE bug 1167337 CVE-2020-10802 CVE-2020-10803 CVE-2020-10804 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tor to version 0.3.5.10 fixes the following issues: - tor was updated to version 0.3.5.10: - CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns (boo#1167013) - CVE-2020-10593: Fixed a circuit padding memory leak (boo#1167014) Moderate SUSE bug 1167013 SUSE bug 1167014 CVE-2020-10592 CVE-2020-10593 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-mysql-connector-python fixes the following issues: python-mysql-connector-python was updated to 8.0.19 (boo#1122204 - CVE-2019-2435): - WL#13531: Remove xplugin namespace - WL#13372: DNS SRV support - WL#12738: Specify TLS ciphers to be used by a client or session - BUG#30270760: Fix reserved filed should have a length of 22 - BUG#29417117: Close file in handle load data infile - WL#13330: Single C/Python (Win) MSI installer - WL#13335: Connectors should handle expired password sandbox without SET operations - WL#13194: Add support for Python 3.8 - BUG#29909157: Table scans of floats causes memory leak with the C extension - BUG#25349794: Add read_default_file alias for option_files in connect() - WL#13155: Support new utf8mb4 bin collation - WL#12737: Add overlaps and not_overlaps as operator - WL#12735: Add README.rst and CONTRIBUTING.rst files - WL#12227: Indexing array fields - WL#12085: Support cursor prepared statements with C extension - BUG#29855733: Fix error during connection using charset and collation combination - BUG#29833590: Calling execute() should fetch active results - BUG#21072758: Support for connection attributes classic - WL#12864: Upgrade of Protobuf version to 3.6.1 - WL#12863: Drop support for Django versions older than 1.11 - WL#12489: Support new session reset functionality - WL#12488: Support for session-connect-attributes - WL#12297: Expose metadata about the source and binaries - WL#12225: Prepared statement support - BUG#29324966: Add missing username connection argument for driver compatibility - BUG#29278489: Fix wrong user and group for Solaris packages - BUG#29001628: Fix access by column label in Table.select() - BUG#28479054: Fix Python interpreter crash due to memory corruption - BUG#27897881: Empty LONG BLOB throws an IndexError - BUG#29260128: Disable load data local infile by default - WL#12607: Handling of Default Schema - WL#12493: Standardize count method - WL#12492: Be prepared for initial notice on connection - BUG#28646344: Remove expression parsing on values - BUG#28280321: Fix segmentation fault when using unicode characters in tables - BUG#27794178: Using use_pure=False should raise an error if cext is not available - BUG#27434751: Add a TLS/SSL option to verify server name - WL#12239: Add support for Python 3.7 - WL#12226: Implement connect timeout - WL#11897: Implement connection pooling for xprotocol - BUG#28278352: C extension mysqlx Collection.add() leaks memory in sequential calls - BUG#28037275: Missing bind parameters causes segfault or unclear error message - BUG#27528819: Support special characters in the user and password using URI - WL#11951: Consolidate discrepancies between pure and c extension - WL#11932: Remove Fabric support - WL#11898: Core API v1 alignment - BUG#28188883: Use utf8mb4 as the default character set - BUG#28133321: Fix incorrect columns names representing aggregate functions - BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues - BUG#27567999: Fix wrong docstring in ModifyStatement.patch() - BUG#27277937: Fix confusing error message when using an unsupported collation - BUG#26834200: Deprecate Row.get_string() method - BUG#26660624: Fix missing install option in documentation - WL#11668: Add SHA256_MEMORY authentication mechanism - WL#11614: Enable C extension by default - WL#11448: New document _id generation support - WL#11282: Support new locking modes NOWAIT and SKIP LOCKED - BUG#27639119: Use a list of dictionaries to store warnings - BUG#27634885: Update error codes for MySQL 8.0.11 - BUG#27589450: Remove upsert functionality from WriteStatement class - BUG#27528842: Fix internal queries open for SQL injection - BUG#27364914: Cursor prepared statements do not convert strings - BUG#24953913: Fix failing unittests - BUG#24948205: Results from JSON_TYPE() are returned as bytearray - BUG#24948186: JSON type results are bytearray instead of corresponding python type - WL#11372: Remove configuration API - WL#11303: Remove CreateTable and CreateView - WL#11281: Transaction savepoints - WL#11278: Collection.create_index - WL#11149: Create Pylint test for mysqlx - WL#11142: Modify/MergePatch - WL#11079: Add support for Python 3.6 - WL#11073: Add caching_sha2_password authentication plugin - WL#10975: Add Single document operations - WL#10974: Add Row locking methods to find and select operations - WL#10973: Allow JSON types as operands for IN operator - WL#10899: Add support for pure Python implementation of Protobuf - WL#10771: Add SHA256 authentication - WL#10053: Configuration handling interface - WL#10772: Cleanup Drop APIs - WL#10770: Ensure all Session connections are secure by default - WL#10754: Forbid modify() and remove() with no condition - WL#10659: Support utf8mb4 as default charset - WL#10658: Remove concept of NodeSession - WL#10657: Move version number to 8.0 - WL#10198: Add Protobuf C++ extension implementation - WL#10004: Document UUID generation - BUG#26175003: Fix Session.sql() when using unicode SQL statements with Python 2.7 - BUG#26161838: Dropping an non-existing index should succeed silently - BUG#26160876: Fix issue when using empty condition in Collection.remove() and Table.delete() - BUG#26029811: Improve error thrown when using an invalid parameter in bind() - BUG#25991574: Fix Collection.remove() and Table.delete() missing filters - WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX - WL#10081: DevAPI: IPv6 support - BUG#25614860: Fix defined_as method in the view creation - BUG#25519251: SelectStatement does not implement order_by() method - BUG#25436568: Update available operators for XPlugin - BUG#24954006: Add missing items in CHANGES.txt - BUG#24578507: Fix import error using Python 2.6 - BUG#23636962: Fix improper error message when creating a Session - BUG#23568207: Fix default aliases for projection fields - BUG#23567724: Fix operator names - DevAPI: Schema.create_table - DevAPI: Flexible Parameter Lists - DevAPI: New transports: Unix domain socket - DevAPI: Core TLS/SSL options for the mysqlx URI scheme - DevAPI: View DDL with support for partitioning in a cluster / sharding - BUG#24520850: Fix unexpected behavior when using an empty collection name - Add support for Protocol Buffers 3 - Add View support (without DDL) - Implement get_default_schema() method in BaseSchema - DevAPI: Per ReplicaSet SQL execution - DevAPI: XSession accepts a list of routers - DevAPI: Define action on adding empty list of documents - BUG#23729357: Fix fetching BIT datatype - BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject - BUG#23568257: Add fetch_one method to mysqlx.result - BUG#23550743: Add close method to XSession and NodeSession - BUG#23550057: Add support for URI as connection data - Provide initial implementation of new DevAPI Moderate SUSE bug 1122204 CVE-2019-2435 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: - CVE-2019-12921: Fixed an issue where text filename components potentially coulf have allowed reading of arbitrary files via TranslateTextEx (boo#1167208). - CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImages (boo#1167623). Moderate SUSE bug 1167208 SUSE bug 1167623 CVE-2019-12921 CVE-2020-10938 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-nltk fixes the following issues: Update to 3.4.5 (boo#1146427, CVE-2019-14751): * CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427) Update to 3.4.4: * fix bug in plot function (probability.py) * add improved PanLex Swadesh corpus reader * add Text.generate() * add QuadgramAssocMeasures * add SSP to tokenizers * return confidence of best tag from AveragedPerceptron * make plot methods return Axes objects * don't require list arguments to PositiveNaiveBayesClassifier.train * fix Tree classes to work with native Python copy library * fix inconsistency for NomBank * fix random seeding in LanguageModel.generate * fix ConditionalFreqDist mutation on tabulate/plot call * fix broken links in documentation * fix misc Wordnet issues * update installation instructions Version update to 3.4.1: * add chomsky_normal_form for CFGs * add meteor score * add minimum edit/Levenshtein distance based alignment function * allow access to collocation list via text.collocation_list() * support corenlp server options * drop support for Python 3.4 * other minor fixes Update to v3.4: * Support Python 3.7 * New Language Modeling package * Cistem Stemmer for German * Support Russian National Corpus incl POS tag model * Krippendorf Alpha inter-rater reliability test * Comprehensive code clean-ups * Switch continuous integration from Jenkins to Travis Updated to v3.3: * Support Python 3.6 * New interface to CoreNLP * Support synset retrieval by sense key * Minor fixes to CoNLL Corpus Reader * AlignedSent * Fixed minor inconsistencies in APIs and API documentation * Better conformance to PEP8 * Drop Moses Tokenizer (incompatible license) Moderate SUSE bug 1146427 CVE-2019-14751 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ldns fixes the following issues: - CVE-2017-1000231: Fixed a buffer overflow during token parsing (bsc#1068711). - CVE-2017-1000232: Fixed a double-free vulnerability in str2host.c (bsc#1068709). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1068709 SUSE bug 1068711 CVE-2017-1000231 CVE-2017-1000232 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for haproxy fixes the following issues: - CVE-2020-11100: Fixed an H2/HPAC vulnerability ch might have allowed arbitrary writes into a 32-bit relative address space (bsc#1168023). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1168023 CVE-2020-11100 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for spamassassin fixes the following issues: Security issues fixed: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Non-security issue fixed: - Altering hash requires restarting loop (bsc#862963). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 SUSE bug 862963 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). - Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1122469 SUSE bug 1143349 SUSE bug 1150397 SUSE bug 1152308 SUSE bug 1153367 SUSE bug 1158590 CVE-2019-16884 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1166844 CVE-2020-10531 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 Mozilla Firefox was updated to 68.6.1esr to fix critical security issues: MFSA 2020-11 (boo#1168630) * CVE-2020-6819: Use-after-free while running the nsDocShell destructor * CVE-2020-6820: Use-after-free when handling a ReadableStream Critical SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1167631 CVE-2020-1752 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1161066). - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation (bsc#1166379). - CVE-2020-1711: Fixed an out of bounds heap buffer access iscsi_co_block_status() routine which could have allowed a remote denial of service or arbitrary code with privileges of the QEMU process on the host (bsc#1166240). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() routine while emulating the identification protocol and copying message data to a socket buffer (bsc#1123156). - CVE-2020-8608: Fixed a heap buffer overflow in tcp_emu() routine while emulating IRC and other protocols (bsc#1163018). - CVE-2019-20382: Fixed a memory leak in the VNC display driver which could have led to exhaustion of the host memory leading to a potential Denial of service (bsc#1165776). - Fixed a live migration error (bsc#1154790). - Fixed an issue where migrating VMs on KVM gets missing features:ospke error (bsc#1162729). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1123156 SUSE bug 1154790 SUSE bug 1161066 SUSE bug 1162729 SUSE bug 1163018 SUSE bug 1165776 SUSE bug 1166240 SUSE bug 1166379 CVE-2019-15034 CVE-2019-20382 CVE-2019-6778 CVE-2020-1711 CVE-2020-7039 CVE-2020-8608 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bluez fixes the following issues: - CVE-2020-0556: Fixed an improper access control which could have allowed an unauthenticated user to potentially enable escalation of privilege and denial of service (bsc#1166751). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1166751 CVE-2020-0556 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for exiv2 fixes the following issues: exiv2 was updated to latest 0.26 branch, fixing bugs and security issues: - CVE-2017-1000126: Fixed an out of bounds read in webp parser (bsc#1068873). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). - CVE-2018-12264: Fixed an integer overflow in LoaderTiff::getData() which might have led to an out-of-bounds read (bsc#1097600). - CVE-2018-12265: Fixed integer overflows in LoaderExifJpeg which could have led to memory corruption (bsc#1097599). - CVE-2018-17229: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109175). - CVE-2018-17230: Fixed a heap based buffer overflow in Exiv2::d2Data via a crafted image (bsc#1109176). - CVE-2018-17282: Fixed a null pointer dereference in Exiv2::DataValue::copy (bsc#1109299). - CVE-2018-19108: Fixed an integer overflow in Exiv2::PsdImage::readMetadata which could have led to infinite loop (bsc#1115364). - CVE-2018-19607: Fixed a null pointer dereference in Exiv2::isoSpeed which might have led to denial of service (bsc#1117513). - CVE-2018-9305: Fixed an out of bounds read in IptcData::printStructure which might have led to to information leak or denial of service (bsc#1088424). - CVE-2019-13114: Fixed a null pointer dereference which might have led to denial of service via a crafted response of an malicious http server (bsc#1142684). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1040973 SUSE bug 1068873 SUSE bug 1088424 SUSE bug 1097599 SUSE bug 1097600 SUSE bug 1109175 SUSE bug 1109176 SUSE bug 1109299 SUSE bug 1115364 SUSE bug 1117513 SUSE bug 1142684 CVE-2017-1000126 CVE-2017-9239 CVE-2018-12264 CVE-2018-12265 CVE-2018-17229 CVE-2018-17230 CVE-2018-17282 CVE-2018-19108 CVE-2018-19607 CVE-2018-9305 CVE-2019-13114 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gnuhealth fixes the following issues: - Fixed a local privilege escalation in gnuhealth-control, use of static tmp file/http transport (bsc#1167126) - Fixed a local DoS of backup functionality in gnuhealth-control due to use of static tmp files (bsc#1167128) Moderate SUSE bug 1167126 SUSE bug 1167128 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for exim fixes the following issues: - CVE-2020-8015: Fixed a local privilege escalation from user mail to root (boo#1154183). Moderate SUSE bug 1154183 SUSE bug 1160726 CVE-2020-8015 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ceph fixes the following issues: - CVE-2020-1759: Fixed once reuse in msgr V2 secure mode (bsc#1166403) - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting (bsc#1166484). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1166403 SUSE bug 1166484 CVE-2020-1759 CVE-2020-1760 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nagios to version 4.4.5 fixes the following issues: - CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309) - CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832) - CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290). Moderate SUSE bug 1028975 SUSE bug 1119832 SUSE bug 1156309 CVE-2018-13441 CVE-2018-13457 CVE-2018-13458 CVE-2018-18245 CVE-2019-3698 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1152692 SUSE bug 1155327 SUSE bug 1166881 SUSE bug 1168345 CVE-2020-11501 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). - Fixed a permission issue which have resulted in build failures (bsc#1168170). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1142770 SUSE bug 1168170 CVE-2019-1010190 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1165439 CVE-2020-1747 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1168699 CVE-2020-1730 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for permissions fixes the following issues: - Fixed spelling of icinga group (bsc#1168364) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1168364 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ansible to version 2.9.6 fixes the following issues: Security issues fixed: - CVE-2019-14904: Fixed a vulnerability in solaris_zone module via crafted solaris zone (boo#1157968). - CVE-2019-14905: Fixed an issue where malicious code could craft filename in nxos_file_copy module (boo#1157969). - CVE-2019-14864: Fixed Splunk and Sumologic callback plugins leak sensitive data in logs (boo#1154830). - CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded to DEBUG level (boo#1153452) - CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (boo#1154232) - CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked and will be displayed when run with increased verbosity (boo#1154231) - CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. (boo#1142690) - CVE-2019-10217: Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. (boo#1144453) Moderate SUSE bug 1137479 SUSE bug 1142542 SUSE bug 1142690 SUSE bug 1144453 SUSE bug 1153452 SUSE bug 1154231 SUSE bug 1154232 SUSE bug 1154830 SUSE bug 1157968 SUSE bug 1157969 CVE-2019-10206 CVE-2019-10217 CVE-2019-14846 CVE-2019-14856 CVE-2019-14858 CVE-2019-14864 CVE-2019-14904 CVE-2019-14905 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.92 boo#1168911: * CVE-2020-6454: Use after free in extensions * CVE-2020-6423: Use after free in audio * CVE-2020-6455: Out of bounds read in WebSQL * CVE-2020-6430: Type Confusion in V8 * CVE-2020-6456: Insufficient validation of untrusted input in clipboard * CVE-2020-6431: Insufficient policy enforcement in full screen * CVE-2020-6432: Insufficient policy enforcement in navigations * CVE-2020-6433: Insufficient policy enforcement in extensions * CVE-2020-6434: Use after free in devtools * CVE-2020-6435: Insufficient policy enforcement in extensions * CVE-2020-6436: Use after free in window management * CVE-2020-6437: Inappropriate implementation in WebView * CVE-2020-6438: Insufficient policy enforcement in extensions * CVE-2020-6439: Insufficient policy enforcement in navigations * CVE-2020-6440: Inappropriate implementation in extensions * CVE-2020-6441: Insufficient policy enforcement in omnibox * CVE-2020-6442: Inappropriate implementation in cache * CVE-2020-6443: Insufficient data validation in developer tools * CVE-2020-6444: Uninitialized Use in WebRTC * CVE-2020-6445: Insufficient policy enforcement in trusted types * CVE-2020-6446: Insufficient policy enforcement in trusted types * CVE-2020-6447: Inappropriate implementation in developer tools * CVE-2020-6448: Use after free in V8 Chromium was updated to 80.0.3987.162 boo#1168421: * CVE-2020-6450: Use after free in WebAudio. * CVE-2020-6451: Use after free in WebAudio. * CVE-2020-6452: Heap buffer overflow in media. - Use a symbolic icon for GNOME Important SUSE bug 1167465 SUSE bug 1168421 SUSE bug 1168911 CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.7.0 fixes the following issues: - CVE-2020-6819: Use-after-free while running the nsDocShell destructor (boo#1168630) - CVE-2020-6820: Use-after-free when handling a ReadableStream (boo#1168630) - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage() (boo#1168874) - CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images (boo#1168874) - CVE-2020-6825: Memory safety bugs fixed (boo#1168874) Important SUSE bug 1168630 SUSE bug 1168874 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mp3gain fixes the following issues: Update to version 1.6.2. - CVE-2019-18359: Fixed a buffer over-read was discovered in ReadMP3APETag (boo#1154971) Moderate SUSE bug 1154971 CVE-2017-12911 CVE-2019-18359 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for git fixes the following issues: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168930 CVE-2020-5260 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gstreamer-rtsp-server fixes the following issues: - CVE-2020-6095: Fixed a NULL pointer dereference when handling an invalid basic Authorization header (boo#1168026). Moderate SUSE bug 1168026 CVE-2020-6095 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.113 (boo#1169729): - CVE-2020-6457: Fixed a use after free in speech recognizer Critical SUSE bug 1169729 CVE-2020-6457 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-11669: An issue was discovered on the powerpc platform. arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd (bnc#1169390). - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ('KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures') 87a11bb6a7f7 ('KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode') (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4 (bnc#1168424). - CVE-2019-9458: In the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1168295). - CVE-2019-3701: An issue was discovered in can_can_gw_rcv in net/can/gw.c. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that made the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames (bnc#1120386). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacked validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-19770: A use-after-free in the debugfs_remove function in fs/debugfs/inode.c was fixed. (bnc#1159198). The following non-security bugs were fixed: - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Add snd_device_get_state() helper (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA X99 Classified motherboard (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 (git-fixes). - ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 (git-fixes). - ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups (bsc#1051510). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda/realtek - a fake key event is triggered by running shutup (bsc#1051510). - ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hda: default enable CA0132 DSP support (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510). - ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510). - ALSA: pcm: Use a macro for parameter masks to reduce the needed cast (bsc#1051510). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write (bsc#1051510). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usb-audio: Add delayed_register option (bsc#1051510). - ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510). - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) (bsc#1051510). - ALSA: usb-audio: Do not create a mixer element with bogus volume range (bsc#1051510). - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor (bsc#1051510). - ALSA: usb-audio: Fix mixer controls' USB interface for Kingston HyperX Amp (0951:16d8) (bsc#1051510). - ALSA: usb-audio: Inform devices that need delayed registration (bsc#1051510). - ALSA: usb-audio: Parse source ID of UAC2 effect unit (bsc#1051510). - ALSA: usb-audio: Rewrite registration quirk handling (bsc#1051510). - ALSA: usb-midi: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: usx2y: use for_each_pcm_streams() macro (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - Btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - Btrfs: do not reset bio->bi_ops while writing bio (bsc#1168273). - Btrfs: fix missing delayed iputs on unmount (bsc#1165949). - Btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - Btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts (bsc#1168273). - Btrfs: make plug in writing meta blocks really work (bsc#1168273). - Btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - Btrfs: remove bio_flags which indicates a meta block of log-tree (bsc#1168273). - Crypto: chelsio - Fixes a deadlock between rtnl_lock and uld_mutex (bsc#1111666). - Crypto: chelsio - Fixes a hang issue during driver registration (bsc#1111666). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - PCI/AER: Factor message prefixes with dev_fmt() (bsc#1161561). - PCI/AER: Log which device prevents error recovery (bsc#1161561). - PCI/AER: Remove ERR_FATAL code from ERR_NONFATAL path (bsc#1161561). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI/ERR: Always report current recovery status for udev (bsc#1161561). - PCI/ERR: Handle fatal error recovery (bsc#1161561). - PCI/ERR: Remove duplicated include from err.c (bsc#1161561). - PCI/ERR: Simplify broadcast callouts (bsc#1161561). - PCI/portdrv: Remove pcie_port_bus_type link order dependency (bsc#1161561). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - PCI: Simplify disconnected marking (bsc#1161561). - PCI: Unify device inaccessible (bsc#1161561). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: portdrv: Initialize service drivers directly (bsc#1161561). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013). - apei/ghes: Do not delay GHES polling (bsc#1166982). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - binfmt_elf: Do not move brk for INTERP-less ET_EXEC (bsc#1169013). - binfmt_elf: move brk out of mmap when doing direct loader exec (bsc#1169013). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - bnxt_en: Support all variants of the 5750X chip family (bsc#1167216). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1111666). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: Do mandatory tree block check before submitting bio (bsc#1168273). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: Remove redundant mirror_num arg (bsc#1168273). - btrfs: Rename bin_search -> btrfs_bin_search (bsc#1168273). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer (bsc#1168273). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop get_extent from extent_page_data (bsc#1168273). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: extent_io: Handle errors better in btree_write_cache_pages() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_write_full_page() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_write_locked_range() (bsc#1168273). - btrfs: extent_io: Handle errors better in extent_writepages() (bsc#1168273). - btrfs: extent_io: Kill dead condition in extent_write_cache_pages() (bsc#1168273). - btrfs: extent_io: Kill the forward declaration of flush_write_bio (bsc#1168273). - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up (bsc#1168273). - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() (bsc#1168273). - btrfs: factor our read/write stage off csum_tree_block into its callers (bsc#1168273). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: merge two flush_write_bio helpers (bsc#1168273). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit() (bsc#1165823). - btrfs: qgroup: Mark qgroup inconsistent if we're inherting snapshot to a new qgroup (bsc#1165823). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: sink extent_write_full_page tree argument (bsc#1168273). - btrfs: sink extent_write_locked_range tree parameter (bsc#1168273). - btrfs: sink flush_fn to extent_write_cache_pages (bsc#1168273). - btrfs: sink get_extent parameter to extent_write_full_page (bsc#1168273). - btrfs: sink get_extent parameter to extent_write_locked_range (bsc#1168273). - btrfs: sink get_extent parameter to extent_fiemap (bsc#1168273). - btrfs: sink get_extent parameter to extent_readpages (bsc#1168273). - btrfs: sink get_extent parameter to extent_writepages (bsc#1168273). - btrfs: sink get_extent parameter to get_extent_skip_holes (bsc#1168273). - btrfs: sink writepage parameter to extent_write_cache_pages (bsc#1168273). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: switch to on-stack csum buffer in csum_tree_block (bsc#1168273). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: tree-checker: Remove comprehensive root owner check (bsc#1168273). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: unify extent_page_data type passed as void (bsc#1168273). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL (bsc#1169307). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: ignore cached share root handle closing errors (bsc#1166780). - clk: imx: Align imx sc clock msg structs to 4 (bsc#1111666). - clk: imx: Align imx sc clock msg structs to 4 (git-fixes). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - drm/amd/amdgpu: Fix GPR read from debugfs (v2) (bsc#1113956) - drm/amd/display: Add link_rate quirk for Apple 15' MBP 2017 (bsc#1111666). - drm/amd/display: Fix wrongly passed static prefix (bsc#1111666). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdgpu: fix typo for vcn1 idle check (bsc#1111666). - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/exynos: dsi: fix workaround for the legacy clock name (bsc#1111666). - drm/exynos: dsi: propagate error value and silence meaningless warning (bsc#1111666). - drm/lease: fix WARNING in idr_destroy (bsc#1113956) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/sun4i: dsi: Use NULL to signify 'no panel' (bsc#1111666). - drm/v3d: Replace wait_for macros to remove use of msleep (bsc#1111666). - drm/vc4: Fix HDMI mode validation (git-fixes). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - efi: Do not attempt to map RCI2 config table if it does not exist (jsc#ECO-366, bsc#1168367). - efi: Export Runtime Configuration Interface table to sysfs (jsc#ECO-366, bsc#1168367). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - efi: x86: move efi_is_table_address() into arch/x86 (jsc#ECO-366, bsc#1168367). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - firmware: arm_sdei: fix double-lock on hibernate with shared events (bsc#1111666). - firmware: arm_sdei: fix possible double-lock on hibernate error path (bsc#1111666). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16480: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - ipmi: fix hung processes in __get_guid() (bsc#1111666). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - kABI workaround for pcie_port_bus_type change (bsc#1161561). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kabi fix for (bsc#1168202). - libceph: fix alloc_msg_with_page_vector() memory leaks (bsc#1169308). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lpfc: add support for translating an RSCN rcv into a discovery rescan (bsc#1164777 bsc#1164780 bsc#1165211). - lpfc: add support to generate RSCN events for nport (bsc#1164777 bsc#1164780 bsc#1165211). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - nvme-multipath: also check for a disabled path if there is a single sibling (bsc#1158983). - nvme-multipath: do not select namespaces which are about to be removed (bsc#1158983). - nvme-multipath: factor out a nvme_path_is_disabled helper (bsc#1158983). - nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (bsc#1158983). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - nvme-multipath: fix possible io hang after ctrl reconnect (bsc#1158983). - nvme-multipath: remove unused groups_only mode in ana log (bsc#1158983). - nvme-multipath: round-robin I/O policy (bsc#1158983). - nvme: fix a possible deadlock when passthru commands sent to a multipath device (bsc#1158983). - nvme: fix controller removal race with scan work (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (bsc#1142685 ltc#179509). - powerpc/pseries/iommu: Fix set but not used values (bsc#1142685 ltc#179509). - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation (bsc#1142685 ltc#179509). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - s390/qeth: fix potential deadlock on workqueue flush (bsc#1165185 LTC#184108). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - scsi: lpfc: Change default SCSI LUN QD to 64 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Clean up hba max_lun_queue_depth checks (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Copyright updates for 12.6.0.4 patches (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix Fabric hostname registration if system hostname changes (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix MDS Latency Diagnostics Err-drop rates (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix broken Credit Recovery after driver load (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix compiler warning on frame size (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix coverity errors in fmdi attribute handling (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix crash after handling a pci error (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix disablement of FC-AL on lpe35000 models (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix driver nvme rescan logging (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix erroneous cpu limit of 128 on I/O statistics (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix improper flag check for IO type (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lockdep error - register non-static key (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error path (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix missing check for CSF in Write Object Mbox Rsp (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix ras_log via debugfs (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix registration of ELS type support in fdmi (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix release of hwq to clear the eq relationship (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix scsi host template for SLI3 vports (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix unmap of dpp bars affecting next driver load (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix update of wq consumer index in lpfc_sli4_wq_release (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Make debugfs ktime stats generic for NVME and SCSI (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Remove handler for obsolete ELS - Read Port Status (RPS) (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Remove prototype FIPS/DSS options from SLI-3 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.6.0.3 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.6.0.4 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: Update lpfc version to 12.8.0.0 (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: add RDF registration and Link Integrity FPIN logging (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: fix spelling mistake 'Notication' -> 'Notification' (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1164777 bsc#1164780 bsc#1165211). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - swiotlb: do not panic on mapping failures (bsc#1162171). - swiotlb: remove the overflow buffer (bsc#1162171). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - usb: audio-v2: Add uac2_effect_unit_descriptor definition (bsc#1051510). - usb: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - usb: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - usb: dwc2: Fix in ISOC request length checking (git-fixes). - usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - usb: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - usb: host: xhci-plat: add a shutdown (git-fixes). - usb: musb: Disable pullup at init (git-fixes). - usb: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - usb: storage: Add quirk for Samsung Fit flash (git-fixes). - usb: uas: fix a plug & unplug racing (git-fixes). - usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - virtio-blk: improve virtqueue error to BLK_STS (bsc#1167627). - virtio_ring: fix unmap of indirect descriptors (bsc#1162171). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). Important SUSE bug 1051510 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1109911 SUSE bug 1111666 SUSE bug 1113956 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1137325 SUSE bug 1142685 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1148868 SUSE bug 1157424 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1161561 SUSE bug 1161951 SUSE bug 1162171 SUSE bug 1163403 SUSE bug 1163897 SUSE bug 1164284 SUSE bug 1164777 SUSE bug 1164780 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165182 SUSE bug 1165185 SUSE bug 1165211 SUSE bug 1165823 SUSE bug 1165949 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1166982 SUSE bug 1167005 SUSE bug 1167216 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167627 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168273 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168367 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168552 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169013 SUSE bug 1169057 SUSE bug 1169307 SUSE bug 1169308 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8834 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.7.0 fixes the following issues: - CVE-2020-6819: Use-after-free while running the nsDocShell destructor (boo#1168630) - CVE-2020-6820: Use-after-free when handling a ReadableStream (boo#1168630) - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage() (boo#1168874) - CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images (boo#1168874) - CVE-2020-6825: Memory safety bugs fixed (boo#1168874) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168630 SUSE bug 1168874 CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vlc fixes the following issues: vlc was updated to version 3.0.9.2: + Misc: Properly bump the version in configure.ac. Changes from version 3.0.9.1: + Misc: Fix VLSub returning 401 for earch request. Changes from version 3.0.9: + Core: Work around busy looping when playing an invalid item through VLM. + Access: * Multiple dvdread and dvdnav crashs fixes * Fixed DVD glitches on clip change * Fixed dvdread commands/data sequence inversion in some cases causing unwanted glitches * Better handling of authored as corrupted DVD * Added libsmb2 support for SMB2/3 shares + Demux: * Fix TTML entities not passed to decoder * Fixed some WebVTT styling tags being not applied * Misc raw H264/HEVC frame rate fixes * Fix adaptive regression on TS format change (mostly HLS) * Fixed MP4 regression with twos/sowt PCM audio * Fixed some MP4 raw quicktime and ms-PCM audio * Fixed MP4 interlacing handling * Multiple adaptive stack (DASH/HLS/Smooth) fixes * Enabled Live seeking for HLS * Fixed seeking in some cases for HLS * Improved Live playback for Smooth and DASH * Fixed adaptive unwanted end of stream in some cases * Faster adaptive start and new buffering control options + Packetizers: * Fixes H264/HEVC incomplete draining in some cases * packetizer_helper: Fix potential trailing junk on last packet * Added missing drain in packetizers that was causing missing last frame or audio * Improved check to prevent fLAC synchronization drops + Decoder: * avcodec: revector video decoder to fix incomplete drain * spudec: implemented palette updates, fixing missing subtitles on some DVD * Fixed WebVTT CSS styling not being applied on Windows/macOS * Fixed Hebrew teletext pages support in zvbi * Fixed Dav1d aborting decoding on corrupted picture * Extract and display of all CEA708 subtitles * Update libfaad to 2.9.1 * Add DXVA support for VP9 Profile 2 (10 bits) * Mediacodec aspect ratio with Amazon devices + Audio output: * Added support for iOS audiounit audio above 48KHz * Added support for amem audio up to 384KHz + Video output: * Fix for opengl glitches in some drivers * Fix GMA950 opengl support on macOS * YUV to RGB StretchRect fixes with NVIDIA drivers * Use libpacebo new tone mapping desaturation algorithm + Text renderer: * Fix crashes on macOS with SSA/ASS subtitles containing emoji * Fixed unwanted growing background in Freetype rendering and Y padding + Mux: Fixed some YUV mappings + Service Discovery: Update libmicrodns to 0.1.2. + Misc: * Update YouTube, SoundCloud and Vocaroo scripts: this restores playback of YouTube URLs. * Add missing .wpl & .zpl file associations on Windows * Improved chromecast audio quality Update to version 3.0.8 'vetinari': + Fix stuttering for low framerate videos + Improve adaptive streaming + Improve audio output for external audio devices on macOS/iOS + Fix hardware acceleration with Direct3D11 for some AMD drivers + Fix WebVTT subtitles rendering + Vetinari is a major release changing a lot in the media engine of VLC. It is one of the largest release we've ever done. Notably, it: - activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits, allowing 4K60 or even 8K decoding with little CPU consumption, - merges all the code from the mobile ports into the same codebase with common numbering and releases, - supports 360 video and 3D audio, and prepares for VR content, - supports direct HDR and HDR tone-mapping, - updates the audio passthrough for HD Audio codecs, - allows browsing of local network drives like SMB, FTP, SFTP, NFS... - stores the passwords securely, - brings a new subtitle rendering engine, supporting ComplexTextLayout and font fallback to support multiple languages and fonts, - supports ChromeCast with the new renderer framework, - adds support for numerous new formats and codecs, including WebVTT, AV1, TTML, HQX, 708, Cineform, and many more, - improves Bluray support with Java menus, aka BD-J, - updates the macOS interface with major cleaning and improvements, - support HiDPI UI on Windows, with the switch to Qt5, - prepares the experimental support for Wayland on Linux, and switches to OpenGL by default on Linux. + Security fixes included: * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) * Fix a read buffer overflow in the FAAD decoder * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) * Fix a use after free in the ASF demuxer (CVE-2019-14533) * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) * Fix a null dereference in the dvdnav demuxer * Fix a null dereference in the ASF demuxer (CVE-2019-14534) * Fix a null dereference in the AVI demuxer * Fix a division by zero in the CAF demuxer (CVE-2019-14498) * Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available. - Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some image loading libraries (libpng, libjpeg, ...) which are either wrapped by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so). Moderate SUSE bug 1142161 SUSE bug 1146428 CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for crawl fixes the following issues: * CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring (boo#1169381) Update to version 0.24.0 * Vampire species simplified * Thrown weapons streamlined * Fedhas reimagined * Sif Muna reworked Update to version 0.23.2 * Trap system overhaul * New Gauntlet portal to replace Labyrinths * Nemelex Xobeh rework * Nine unrandarts reworked and the new 'Rift' unrandart added * Support for seeded dungeon play * build requires python and python-pyYAML Update to 0.22.0 * Player ghosts now only appear in sealed ghost vaults * New spell library interface * User interface revamp for Tiles and WebTiles Moderate SUSE bug 1169381 CVE-2020-11722 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: - CVE-2019-19950: Fixed a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. (boo#1159852) - CVE-2019-19951: Fixed a heap-based buffer overflow in ImportRLEPixels() (boo#1160321). - CVE-2019-19953: Fixed a heap-based buffer overflow in EncodeImage() (boo#1160364). Moderate SUSE bug 1159852 SUSE bug 1160321 SUSE bug 1160364 CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo#1168029 OSA-2020-10: * Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. - CVE-2020-1772 boo#1168029 OSA-2020-09: * Information Disclosure It’s possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. - CVE-2020-1771 boo#1168030 OSA-2020-08: * Possible XSS in Customer user address book Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. - CVE-2020-1770 boo#1168031 OSA-2020-07: * Information disclosure in support bundle files Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. - CVE-2020-1769 boo#1168032 OSA-2020-06: * Autocomplete in the form login screens In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. Update to 5.0.41 https://community.otrs.com/otrs-community-edition-5s-patch-level-41/ * bug#14912 - Installer refers to non-existing documentation - added code to upgrade OTRS from 4 to 5 READ UPGRADING.SUSE * steps 1 to 4 are done by rpm pkg * steps 5 to *END* need to be done manually cause of DB backup Update to 5.0.40 https://community.otrs.com/otrs-community-edition-5s-patch-level-40/ - CVE-2020-1766 boo#1160663 OSA-2020-02: Improper handling of uploaded inline images Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. * CVE-2020-1765, OSA-2020-01: Spoofing of From field in several screens An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound * run bin/otrs.Console.pl Maint::Config::Rebuild after the upgrade - Update 5.0.39 https://community.otrs.com/otrs-community-edition-5s-patch-level-39/ * CVE-2019-18180 boo#1157001 OSA-2019-15: Denial of service OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example). * CVE-2019-18179 OSA-2019-14: Information Disclosure An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. Update to 5.0.38 https://community.otrs.com/release-notes-otrs-5s-patch-level-38/ * CVE-2019-16375, boo#1156431 OSA-2019-13: Stored XXS An attacker who is logged into OTRS as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent compose an answer to the original article. Update to 5.0.37 https://community.otrs.com/release-notes-otrs-5s-patch-level-37/ * CVE-2019-13458, boo#1141432, OSA-2019-12: Information Disclosure An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS tags in templates in order to disclose hashed user passwords. * CVE-2019-13457, boo#1141431, OSA-2019-11: Information Disclosure A customer user can use the search results to disclose information from their “company” tickets (with the same CustomerID), even when CustomerDisableCompanyTicketAccess setting is turned on. * CVE-2019-12746, boo#1141430, OSA-2019-10: Session ID Disclosure A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then potentially abused in order to impersonate the agent user. Update to 5.0.36 https://community.otrs.com/release-notes-otrs-5s-patch-level-36/ * CVE-2019-12497, boo#1137614, OSA-2019-09: Information Disclosure In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. * CVE-2019-12248, boo#1137615, OSA-2019-08: Loading External Image Resources An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. Update to 5.0.35 https://community.otrs.com/release-notes-otrs-5s-patch-level-35/ * CVE-2019-10067, boo#1139406, OSA-2019-05: Reflected and Stored XSS An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. * CVE-2019-9892, boo#1139406, OSA-2019-04: XXE Processing An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. - update missing CVE for OSA-2018-10, OSA-2019-01 Update to 5.0.34 * https://community.otrs.com/release-notes-otrs-5s-patch-level-34/ * CVE-2019-9752, boo#1122560, OSA-2019-01: Stored XSS An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. Update to 5.0.33 * https://community.otrs.com/release-notes-otrs-5s-patch-level-33/ Update to 5.0.26 * https://www.otrs.com/release-notes-otrs-5s-patch-level-26 * https://www.otrs.com/release-notes-otrsitsm-module-5s-patch-level-26/ - remove obsolete * otrs-scheduler.service * otrs-scheduler.init Moderate SUSE bug 1122560 SUSE bug 1137614 SUSE bug 1137615 SUSE bug 1139406 SUSE bug 1141430 SUSE bug 1141431 SUSE bug 1141432 SUSE bug 1156431 SUSE bug 1157001 SUSE bug 1160663 SUSE bug 1168029 SUSE bug 1168030 SUSE bug 1168031 SUSE bug 1168032 CVE-2019-10067 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13457 CVE-2019-13458 CVE-2019-16375 CVE-2019-18179 CVE-2019-18180 CVE-2019-9752 CVE-2019-9892 CVE-2020-1765 CVE-2020-1766 CVE-2020-1769 CVE-2020-1770 CVE-2020-1771 CVE-2020-1772 CVE-2020-1773 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1144524 SUSE bug 1146848 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update introduces kubernetes version 1.14.1 and cri-o 1.17.1 to Leap 15.1. Important SUSE bug 1039663 SUSE bug 1042383 SUSE bug 1042387 SUSE bug 1057277 SUSE bug 1059207 SUSE bug 1061027 SUSE bug 1065972 SUSE bug 1069469 SUSE bug 1084765 SUSE bug 1084766 SUSE bug 1085009 SUSE bug 1086185 SUSE bug 1086412 SUSE bug 1095131 SUSE bug 1095154 SUSE bug 1096773 SUSE bug 1097473 SUSE bug 1100838 SUSE bug 1101010 SUSE bug 1104598 SUSE bug 1104821 SUSE bug 1112980 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1136403 SUSE bug 1144065 SUSE bug 1155323 SUSE bug 1161056 SUSE bug 1161179 CVE-2016-5195 CVE-2016-8859 CVE-2017-1002101 CVE-2018-1002105 CVE-2018-16873 CVE-2018-16874 CVE-2019-10214 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for teeworlds to version 0.7.5 fixes the following issues: Security issues fixed: - CVE-2020-12066: Fixed a denial of service against the server (boo#1170252) - CVE-2019-20787: Fixed an integer overflow when computing a tilemap size (boo#1170253) Non-security issues fixed: - multiple smaller bug fixes and improvements. Moderate SUSE bug 1170252 SUSE bug 1170253 CVE-2019-20787 CVE-2020-12066 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cacti, cacti-spine to version 1.2.11 fixes the following issues: This update is fixing multiple vulnerabilities and adding bug fixes. For more details consult the changes file. Important SUSE bug 1082318 SUSE bug 1122242 SUSE bug 1122243 SUSE bug 1122244 SUSE bug 1122245 SUSE bug 1122535 SUSE bug 1158990 SUSE bug 1158992 SUSE bug 1161297 SUSE bug 1164675 SUSE bug 1169215 CVE-2009-4112 CVE-2018-20723 CVE-2018-20724 CVE-2018-20725 CVE-2018-20726 CVE-2019-16723 CVE-2019-17357 CVE-2019-17358 CVE-2020-7106 CVE-2020-7237 CVE-2020-8813 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for phpMyAdmin to version 4.9.4 fixes the following issues: - CVE-2020-5504: SQL injection in user accounts page (boo#1160456). Important SUSE bug 1150914 SUSE bug 1157614 SUSE bug 1160456 CVE-2019-12922 CVE-2019-18622 CVE-2020-5504 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for salt fixes the following issues: - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) This update was imported from the SUSE:SLE-15-SP1:Update update project. Critical SUSE bug 1170595 CVE-2020-11651 CVE-2020-11652 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-typed-ast fixes the following issues: python-typed-ast was reverted to version 1.3.1 because it broke another package (bsc#1163532). Security issues fixed: - CVE-2019-19274: Fixed an out-of-bounds read (bsc#1161562). - CVE-2019-19275: Fixed an out-of-bounds read (bsc#1161563). Low SUSE bug 1161562 SUSE bug 1161563 SUSE bug 1163532 CVE-2019-19274 CVE-2019-19275 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for singularity fixes the following issues: - CVE-2019-19724: Fixed incorrect file permissions on user configuration and cache directories (boo#1159550). Moderate SUSE bug 1159550 CVE-2019-19724 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. (bsc#1146690 bsc#1146691 bsc#1146692 bsc#1146766 bsc#1146776 bsc#1146784 bsc#1146785 bsc#1146787) - Fixed issues where the ocfmon user was created with a default password (bsc#1021689, bsc#1146687). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1021689 SUSE bug 1146687 SUSE bug 1146690 SUSE bug 1146691 SUSE bug 1146692 SUSE bug 1146766 SUSE bug 1146776 SUSE bug 1146784 SUSE bug 1146785 SUSE bug 1146787 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244). - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1167244 SUSE bug 1168938 CVE-2020-10663 CVE-2020-10933 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field (bsc#1159352). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1149792 SUSE bug 1159352 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for git fixes the following issues: Security issues fixed: * CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). * CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930 git 2.26.0 (bsc#1167890, jsc#SLE-11608): * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.2: * bug fixes to various subcommands in specific operations git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0 * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1 * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld. - partial fix for git instaweb giving 500 error (bsc#1112230) git 2.22.0 * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0 * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). - add shadow build dependency to the -daemon subpackage. git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0 * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes git 2.17.1 * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1063412 SUSE bug 1095218 SUSE bug 1095219 SUSE bug 1110949 SUSE bug 1112230 SUSE bug 1114225 SUSE bug 1132350 SUSE bug 1149792 SUSE bug 1156651 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 SUSE bug 1167890 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 CVE-2017-15298 CVE-2018-11233 CVE-2018-11235 CVE-2018-17456 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 CVE-2020-11008 CVE-2020-5260 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506) - Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490) - aacraid blocks xen commands (bsc#1155200) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1027519 SUSE bug 1134506 SUSE bug 1155200 SUSE bug 1157490 SUSE bug 1160932 SUSE bug 1165206 SUSE bug 1167007 SUSE bug 1167152 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1168143 SUSE bug 1169392 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium version 79.0.3945.117 fixes the following issues: - CVE-2020-6377: Fixed a use-after-free in audio - Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1160337 CVE-2019-5844 CVE-2019-5845 CVE-2019-5846 CVE-2020-6377 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: Security issue fixed: - CVE-2020-10704: Fixed a stack overflow in the AD DC (C)LDAP server (bsc#1169851). Non-security issues fixed: - Fixed spnego fallback from kerberos to ntlmssp in smbd server (bsc#1169473). - Fixed warning messages for non root users using smbclient (bsc#1167070). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1167070 SUSE bug 1169473 SUSE bug 1169851 CVE-2020-10704 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1165528 SUSE bug 1169658 CVE-2020-10018 CVE-2020-11793 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 81.0.4044.129 (boo#1170107): - CVE-2020-0561: Fixed a use after free in storage - CVE-2020-6462: Fixed a use after free in task scheduling - CVE-2020-6459: Fixed a use after free in payments - CVE-2020-6460: Fixed an insufficient data validation in URL formatting - CVE-2020-6458: Fixed an out of bounds read and write in PDFium Important SUSE bug 1170107 CVE-2020-0561 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6462 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Non-security issue fixed: - Improved cache handling with chunked responses. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for bouncycastle fixes the following issues: Version update to 1.60: * CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code (boo#1100694) * Release notes: http://www.bouncycastle.org/releasenotes.html Version update to 1.59: * CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697). * Release notes: http://www.bouncycastle.org/releasenotes.html Moderate SUSE bug 1072697 SUSE bug 1100694 CVE-2017-13098 CVE-2018-1000613 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1158809 CVE-2019-1551 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1155346 SUSE bug 1157775 SUSE bug 1158101 SUSE bug 1158809 CVE-2019-1551 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to 81.0.4044.138 (boo#1171247): - CVE-2020-6831: Stack buffer overflow in SCTP - CVE-2020-6464: Type Confusion in Blink Important SUSE bug 1171247 CVE-2020-6464 CVE-2020-6831 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ovmf fixes the following issues: - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1163927 CVE-2019-14559 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid to version 4.11 fixes the following issues: - CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-8517: Fixed a possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). - CVE-2019-12528: Fixed possible information disclosure when translating FTP server listings into HTTP responses (bsc#1162689). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1162689 SUSE bug 1162691 SUSE bug 1167373 SUSE bug 1169659 SUSE bug 1170313 CVE-2019-12519 CVE-2019-12521 CVE-2019-12528 CVE-2019-18860 CVE-2020-11945 CVE-2020-8517 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1167240 CVE-2020-5267 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sqliteodbc fixes the following issues: Security issue fixed: - CVE-2020-12050: Fixed a privilege escalation vulnerability (boo#1171041). Non-security issues fixed: - Update to version 0.9996 * update to SQLite 3.22.0 * fixes in handling DDL in SQLExecDirect() et.al., thanks Andre Mikulec for testing * cleanup utf8/unicode conversion functions Important SUSE bug 1171041 CVE-2020-12050 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1165439 CVE-2020-1747 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rpmlint fixes the following issues: - whitelist certmonger (bsc#1169365, bsc#1129452) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1129452 SUSE bug 1169365 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Opera was updated to version 68.0.3618.63 - CHR-7889 Update chromium on desktop-stable-81-3618 to 81.0.4044.122 - CHR-7896 Update chromium on desktop-stable-81-3618 to 81.0.4044.129 - DNA-85287 Set standard spacing for Yandex prompt - DNA-85416 [Mac] Animation of tab insert is glitchy on slow machines - DNA-85568 Verify API for triggering “unread” mode with Instagram. - DNA-86027 Present Now not working in google meet after canceling it once - DNA-86028 Add a back and forward button in the Instagram panel - DNA-86029 Investigate and implement re-freshing of the instagram panel content - Update chromium to 81.0.4044.122 fixes CVE-2020-6458, CVE-2020-6459, CVE-2020-6460 - Update chromium to 81.0.4044.129 fixes CVE-2020-6461, CVE-2020-6462 Update to version 68.0.3618.56 - DNA-85256 [Win] Cookies section on site pages is white in dark mode - DNA-85474 [Mac] Dragging tabs to the left with hidden sidebar is broken - DNA-85771 DNS-over-HTTPS example in settings is wrong - DNA-85976 Change page display time when navigating from opera:startpage - CHR-7878 Update chromium on desktop-stable-81-3618 to 81.0.4044.113 (CVE-2020-6457) - DNA-78158 PATCH-1272 should be removed - DNA-84721 Weather widget is overlapped when ‘Use bigger tiles’ - DNA-85246 Implement 0-state dialog and onboarding - DNA-85354 O-menu is misplaced when opened with maximized opera - DNA-85405 Add link to Privacy Policy on the 0-state dialog - DNA-85409 Ask for geolocation EULA once - DNA-85426 Crash at opera::DownloadActionButton::Update() - DNA-85454 Add id’s to elements for testing - DNA-85493 Add “Show Weather” toggle to “Start Page” section in Easy Setup - DNA-85501 Set timestamps in geolocation exception record - DNA-85514 Add fallback when geolocation fails - DNA-85713 Report consent for geolocation on start page - DNA-85753 Fetch news configuration from new endpoint - DNA-85798 Incorrect padding in Search in Tabs window - DNA-85801 Disable notification on instagram panel - DNA-85809 Update instagram icon in the Sidebar Setup - DNA-85854 Change Instagram panel size, to fit desktop version - Complete Opera 68.0 changelog at: https://blogs.opera.com/desktop/changelog-for-68/ Update to version 67.0.3575.137 - CHR-7852 Update chromium on desktop-stable-80-3575 to 80.0.3987.163 - DNA-82540 Crash at remote_cocoa::NativeWidgetNSWindowBridge:: SetVisibilityState(remote_cocoa::mojom::WindowVisibilityState) - DNA-84951 New PiP is completely black for some 2 GPU setups - DNA-85284 Chrome “Open link in same tab, pop-up as tab [Free]” extension is no longer working in Opera - DNA-85415 [Mac] Inspect Popup not working - DNA-85530 Create API for displaying and triggering “unread” mode for messengers from in-app - DNA-85537 Let addons.opera.com interact with sidebar messengers Update to version 67.0.3575.115 - CHR-7833 Update chromium on desktop-stable-80-3575 to 80.0.3987.149 - DNA-74423 [Mac] Search/Copy popup stuck on top left of screen - DNA-82975 Crash at blink::DocumentLifecycle::EnsureStateAtMost (blink::DocumentLifecycle::LifecycleState) - DNA-83834 Crash at base::MessagePumpNSApplication:: DoRun (base::MessagePump::Delegate*) - DNA-84632 macOS 10.15.2 fail on creating testlist.json - DNA-84713 Switching through tabs broken when using workspaces Important CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slirp4netns fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in ip_reass (bsc#1170940). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1170940 CVE-2020-1983 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1168326 SUSE bug 1168352 CVE-2020-7064 CVE-2020-7066 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Update to 68.8.0 ESR MFSA 2020-18 (bsc#1171186) * CVE-2020-12397 (bmo#1617370) Sender Email Address Spoofing using encoded Unicode characters * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Thunderbird 68.8.0 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12397 CVE-2020-6831 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-markdown2 fixes the following issues: - CVE-2020-11888: Fixed unsanitized input for cross-site scripting (boo#1171379) Moderate SUSE bug 1171379 CVE-2020-11888 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for cacti, cacti-spine fixes the following issues: cacti-spine and cacti were updated to 1.2.12: cacti fixes: * CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure (boo#1163749) * Fix multiple graphing bugs and web UI issues * Fix multiple warnings, PHP Exceptions and errors * Content-Security-Policy prevents External Links from being opened * Prevent runtime memory issues by increasing memory limit * Improve SNMPv3 handling cacti-spine fixes: * Failed host lookup causes spine to crash Moderate SUSE bug 1163749 CVE-2020-7106 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (boo#1171363). Non-security issue fixed: - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (boo#682920) Moderate SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for icingaweb2 to version 2.7.3 fixes the following issues: icingaweb2 update to 2.7.3: * Fixed an issue where servicegroups for roles with filtered objects were not available icingaweb2 update to 2.7.2: * Performance imrovements and bug fixes icingaweb2 update to 2.7.1: * Highlight links in the notes of an object * Fixed an issue where sort rules were no longer working * Fixed an issue where statistics were shown with an anarchist way * Fixed an issue where wildcards could no show results icingaweb2 update to 2.7.0: * New languages support * Now module developers got additional ways to customize Icinga Web 2 * UI enhancements icingaweb2 update to 2.6.3: * Fixed various issues with LDAP * Fixed issues with timezone * UI enhancements * Stability fixes icingaweb2 update to 2.6.2: You can find issues and features related to this release on our Roadmap. This bugfix release addresses the following topics: * Database connections to MySQL 8 no longer fail * LDAP connections now have a timeout configuration which defaults to 5 seconds * User groups are now correctly loaded for externally authenticated users * Filters are respected for all links in the host and service group overviews * Fixed permission problems where host and service actions provided by modules were missing * Fixed an SQL error in the contact list view when filtering for host groups * Fixed time zone (DST) detection * Fixed the contact details view if restrictions are active * Doc parser and documentation fixes Fix security issues: - CVE-2018-18246: fixed an CSRF in moduledisable (boo#1119784) - CVE-2018-18247: fixed an XSS via /icingaweb2/navigation/add (boo#1119785) - CVE-2018-18248: fixed an XSS attack is possible via query strings or a dir parameter (boo#1119801) - CVE-2018-18249: fixed an injection of PHP ini-file directives involves environment variables as channel to send out information (boo#1119799) - CVE-2018-18250: fixed parameters that can break navigation dashlets (boo#1119800) - Remove setuid from new upstream spec file for following dirs: /etc/icingaweb2, /etc/icingaweb/modules, /etc/icingaweb2/modules/setup, /etc/icingaweb2/modules/translation, /var/log/icingaweb2 icingaweb2 updated to 2.6.1: - You can find issues and features related to this release on our [Roadmap](https://github.com/Icinga/icingaweb2/milestone/51?closed=1). - The command audit now logs a command's payload as JSON which fixes a [bug](https://github.com/Icinga/icingaweb2/issues/3535) that has been introduced in version 2.6.0. icingaweb2 was updated to 2.6.0: - You can find issues and features related to this release on our Roadmap. * Enabling you to do stuff you couldn't before - Support for PHP 7.2 added - Support for SQLite resources added - Login and Command (monitoring) auditing added with the help of a dedicated module - Pluginoutput rendering is now hookable by modules which allows to render custom icons, emojis and .. cute kitties :octocat: * Avoiding that you miss something - It's now possible to toggle between list- and grid-mode for the host- and servicegroup overviews - The servicegrid now supports to flip its axes which allows it to be put into a landscape mode - Contacts only associated with services are visible now when restricted based on host filters - Negated and combined membership filters now work as expected (#2934) - A more prominent error message in case the monitoring backend goes down - The filter editor doesn't get cleared anymore upon hitting Enter * Making your life a bit easier - The tactical overview is now filterable and can be safely put into the dashboard - It is now possible to register new announcements over the REST Api - Filtering for custom variables now works in UTF8 environments * Ensuring you understand everything - The monitoring health is now beautiful to look at and properly behaves in narrow environments - Updated German localization - Updated Italian localization * Freeing you from unrealiable things - Removed support for PHP < 5.6 - Removed support for persistent database connections Moderate SUSE bug 1101357 SUSE bug 1119784 SUSE bug 1119785 SUSE bug 1119799 SUSE bug 1119800 SUSE bug 1119801 CVE-2018-18246 CVE-2018-18247 CVE-2018-18248 CVE-2018-18249 CVE-2018-18250 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018 boo#1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices of other users (NC-SA-2020-019 boo#1171572). Moderate SUSE bug 1171572 SUSE bug 1171579 CVE-2020-8154 CVE-2020-8155 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for imapfilter fixes the following issues: Imapfilter was updated to version 2.6.16 including the following security issue: - CVE-2016-10937: Added Support for SSL hostname validation (boo#1149931). Moderate SUSE bug 1149931 CVE-2016-10937 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for autoyast2 to version 4.1.15 fixes the following issues: Security issue fixed: - CVE-2019-18905: Removed all '--gpg-auto-import-keys' options from zypper commands (bsc#1140711). Non-security issue fixed: - Fix desktop files updating some icons and groups (bsc#1168123). - Restored some missing icons (bsc#1168123, bsc#1109310 and bsc#1168281). - Service for init scripts: Try to start 'network-online.target' before starting the autoyast init scripts in order to get a working network (bsc#1164105). - Always re-probe storage after pre-scripts (bsc#1170082, bsc#1133045). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1109310 SUSE bug 1133045 SUSE bug 1140711 SUSE bug 1164105 SUSE bug 1168123 SUSE bug 1168281 SUSE bug 1170082 CVE-2019-18905 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1154661 SUSE bug 1169512 CVE-2019-18218 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libbsd fixes the following issues: - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table (bsc#1160551). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160551 CVE-2019-20367 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libredwg fixes the following issues: libredwg was updated to release 0.9.3: * Added the -x,--extnames option to dwglayers for r13-r14 DWGs. * Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle for r13. * Add DICTIONARY.itemhandles[] for r13 and r14. * Fixed some dwglayers null pointer derefs, and flush its output for each layer. * Added several overflow checks from fuzzing [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826], [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828], [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832] * Disallow illegal SPLINE scenarios [CVE-2019-20009, boo#1159824] Update to release 0.9.1: * Fixed more null pointer dereferences, overflows, hangs and memory leaks for fuzzed (i.e. illegal) DWGs. Update to release 0.9 [boo#1154080]: * Added the DXF importer, using the new dynapi and the r2000 encoder. Only for r2000 DXFs. * Added utf8text conversion functions to the dynapi. * Added 3DSOLID encoder. * Added APIs to find handles for names, searching in tables and dicts. * API breaking changes - see NEWS file in package. * Fixed null pointer dereferences, and memory leaks (except DXF importer) [boo#1129868, CVE-2019-9779] [boo#1129869, CVE-2019-9778] [boo#1129870, CVE-2019-9777] [boo#1129873, CVE-2019-9776] [boo#1129874, CVE-2019-9773] [boo#1129875, CVE-2019-9772] [boo#1129876, CVE-2019-9771] [boo#1129878, CVE-2019-9775] [boo#1129879, CVE-2019-9774] [boo#1129881, CVE-2019-9770] Update to 0.8: * add a new dynamic API, read and write all header and object fields by name * API breaking changes * Fix many errors in DXF output * Fix JSON output * Many more bug fixes to handle specific object types Moderate SUSE bug 1129868 SUSE bug 1129869 SUSE bug 1129870 SUSE bug 1129873 SUSE bug 1129874 SUSE bug 1129875 SUSE bug 1129876 SUSE bug 1129878 SUSE bug 1129879 SUSE bug 1129881 SUSE bug 1154080 SUSE bug 1159824 SUSE bug 1159825 SUSE bug 1159826 SUSE bug 1159827 SUSE bug 1159828 SUSE bug 1159831 SUSE bug 1159832 CVE-2019-20009 CVE-2019-20010 CVE-2019-20011 CVE-2019-20012 CVE-2019-20013 CVE-2019-20014 CVE-2019-20015 CVE-2019-9770 CVE-2019-9771 CVE-2019-9772 CVE-2019-9773 CVE-2019-9774 CVE-2019-9775 CVE-2019-9776 CVE-2019-9777 CVE-2019-9778 CVE-2019-9779 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1166066 CVE-2020-0034 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159928 SUSE bug 1161517 SUSE bug 1161521 CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575). - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549). - CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573). Non-security issue fixed: - Enable tests when building the package on x86_64. (bsc#1146648) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1146648 SUSE bug 1169549 SUSE bug 1169573 SUSE bug 1169574 SUSE bug 1169575 SUSE bug 1169576 SUSE bug 1169578 SUSE bug 1169580 CVE-2020-11758 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-rpyc to 4.1.5 fixes the following issues: Security issue fixed: - CVE-2019-16328: Fixed a missing protocol security check that could have led to code execution (boo#1152987). Moderate SUSE bug 1152987 CVE-2019-16328 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for uftpd to version 2.11 fixes the following issues: - CVE-2020-5204: Fixed a buffer overflow in FTP PORT parser (boo#1160199). - Fixed additional bugs which could have security implications. Important SUSE bug 1160199 CVE-2020-5204 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dpdk fixes the following issues: Security issues fixed: - CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477). - CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477). - CVE-2020-10724: Fixed a missing inputs validation in Vhost-crypto (bsc#1171477). - CVE-2020-10725: Fixed a segfault caused by invalid virtio descriptors sent from a malicious guest (bsc#1171477). - CVE-2020-10726: Fixed a denial-of-service caused by VHOST_USER_GET_INFLIGHT_FD message flooding (bsc#1171477). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1171477 CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 CVE-2020-10725 CVE-2020-10726 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openconnect fixes the following issues: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1170452 CVE-2020-12105 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1155094 SUSE bug 1162825 CVE-2019-18348 CVE-2019-9674 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for pdns-recursor fixes the following issues: - update to 4.1.16 * fixes an issue where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated (CVE-2020-12244, boo#1171553) * fixes an issue where invalid hostname on the server can result in disclosure of invalid memory (CVE-2020-10030, boo#1171553) * fixes an issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers (CVE-2020-10995, boo#1171553) For details see https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16 Moderate SUSE bug 1171553 CVE-2020-10030 CVE-2020-10995 CVE-2020-12244 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053). Non-security issues fixed: - Add rhino to the ant-apache-bsf optional tasks (bsc#1134001). - Remove jakarta-commons-logging dependencies (bsc#1133997). - Use apache-commons-logging in optional tasks This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1100053 SUSE bug 1133997 SUSE bug 1134001 CVE-2018-10886 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1079603 SUSE bug 1091109 CVE-2018-6942 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 [Mac] Tabs shrinking & disappearing - DNA-85629 Crash at opera::DownloadButtonPanel::ShouldShowCancelButton() - DNA-85669 Add mocking of AddressDropdownModel in AddressBarControllerTest - DNA-85678 Wrong badge icon on pages with mixed content on desktop-stable-81-3618 - DNA-85820 Flags are blue in default [D] state after restart - DNA-85822 Full screen snap on pkobp.pl - DNA-86077 Problem to upload .JPG file as an wallpaper - DNA-86165 Downloads list doesn’t returns to its original state after clearing search filter - DNA-86236 [Mac] Plus button click area too small - DNA-86241 X tab button is not visible - DNA-86217 Fix performance issue with Background Worker Important CVE-2020-6464 CVE-2020-6831 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) * CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1171928 CVE-2020-9484 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 SUSE bug 1149995 SUSE bug 1152590 SUSE bug 1167898 CVE-2019-14250 CVE-2019-15847 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dom4j fixes the following issues: - CVE-2020-10683: Fixed an XML External Entity vulnerability in default SAX parser (bsc#1169760). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1169760 CVE-2020-10683 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dovecot23 to 2.3.10 fixes the following issues: Security issues fixed: - CVE-2020-10957: Fixed a crash caused by malformed NOOP commands (bsc#1171457). - CVE-2020-10958: Fixed a use-after-free when receiving too many newlines (bsc#1171458). - CVE-2020-10967: Fixed a crash in the lmtp and submission components caused by mails with empty quoted localparts (bsc#1171456). Non-security issues fixed: - The update to 2.3.10 fixes several bugs. Please refer to https://dovecot.org/doc/NEWS for a complete list of changes. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1171456 SUSE bug 1171457 SUSE bug 1171458 CVE-2020-10957 CVE-2020-10958 CVE-2020-10967 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for memcached fixes the following issues: Security issue fixed: - CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817). - CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1133817 SUSE bug 1149110 CVE-2019-11596 CVE-2019-15026 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1140095 SUSE bug 1140101 SUSE bug 1154609 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for jasper fixes the following issues: - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1092115 CVE-2018-9154 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sysstat fixes the following issues: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1159104 CVE-2019-19725 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb-connector-c fixes the following issues: Security issue fixed: - CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550). Non-security issues fixed: - Update to release 3.1.8 (bsc#1171550) * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improper * CONC-464: Fix static build for auth_gssapi_client plugin This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171550 CVE-2020-13249 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for freetds to 1.1.36 fixes the following issues: Security issue fixed: - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 (bsc#1141132). Non-security issues fixed: - Enabled Kerberos support - Version update to 1.1.36: * Default TDS protocol version is now 'auto' * Improved UTF-8 performances * TDS Pool Server is enabled * MARS support is enabled * NTLMv2 is enabled * See NEWS and ChangeLog for a complete list of changes This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141132 CVE-2019-13508 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1157651 CVE-2019-18898 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). Other issue addressed: - Enable build-time tests (bsc#1130489) This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1130489 SUSE bug 1141680 CVE-2019-1010305 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for qemu fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). Non-security issues fixed: - Fixed an issue where limiting the memory bandwidth was not possible (bsc#1167816). - Fixed the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1158880). - Miscellaneous fixes to the in-package support documentation. This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1158880 SUSE bug 1167816 SUSE bug 1170940 CVE-2020-1983 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1167462 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for axel fixes the following issues: axel was updated to 2.17.8: * CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159) * Replaced progressbar line clearing with terminal control sequence * Fixed parsing of Content-Disposition HTTP header * Fixed User-Agent HTTP header never being included Update to version 2.17.7: - Buildsystem fixes - Fixed release date for man-pages on BSD - Explicitly close TCP sockets on SSL connections too - Fixed HTTP basic auth header generation - Changed the default progress report to 'alternate output mode' - Improved English in README.md Update to version 2.17.6: - Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code - Fixed manpage reproducibility issue - Use tracker instead of PTS from Debian Update to version 2.17.5: - Fixed progress indicator misalignment - Cleaned up the wget-like progress output code - Improved progress output flushing Update to version 2.17.4: - Fixed build with bionic libc (Android) - TCP Fast Open support on Linux - TCP code cleanup - Removed dependency on libm - Data types and format strings cleanup - String handling cleanup - Format string checking GCC attributes added - Buildsystem fixes and improvements - Updates to the documentation - Updated all translations - Fixed Footnotes in documentation - Fixed a typo in README.md Update to version 2.17.3: - Builds now use canonical host triplet instead of `uname -s` - Fixed build on Darwin / Mac OS X - Fixed download loops caused by last byte pointer being off by one - Fixed linking issues (i18n and posix threads) - Updated build instructions - Code cleanup - Added autoconf-archive to building instructions Update to version 2.17.2: - Fixed HTTP request-ranges to be zero-based - Fixed typo 'too may' -> 'too many' - Replaced malloc + memset calls with calloc - Sanitize progress bar buffer len passed to memset Update to version 2.17.1: - Fixed comparison error in axel_divide - Make sure maxconns is at least 1 Update to version 2.17: - Fixed composition of URLs in redirections - Fixed request range calculation - Updated all translations - Updated build documentation - Major code cleanup - Cleanup of alternate progress output - Removed global string buffers - Fixed min and max macros - Moved User-Agent header to conf->add_header - Use integers for speed ratio and delay calculation - Added support for parsing IPv6 literal hostname - Fixed filename extraction from URL - Fixed request-target message to proxy - Handle secure protocol's schema even with SSL disabled - Fixed Content-Disposition filename value decoding - Strip leading hyphens in extracted filenames Moderate SUSE bug 1172159 CVE-2020-13614 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for GraphicsMagick fixes the following issues: - CVE-2020-12672: heap-based buffer overflow in ReadMNGImage in coders/png.c. (boo#1171271) Moderate SUSE bug 1171271 CVE-2020-12672 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1043898 SUSE bug 1043899 CVE-2017-8834 CVE-2017-8871 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172021 CVE-2019-19956 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xawtv fixes the following issues: - CVE-2020-13696: Fixed an issue in setuid-root program that which could have allowed arbitrary file existence tests and open() with O_RDWR (boo#1171655). Moderate SUSE bug 1171655 CVE-2020-13696 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted (bsc#1171997). Non-security issues fixed: - Elements on title page mixed up (bsc#1160687). - Image shadow that should be invisible shown as extraneous line below (bsc#1165870). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1160687 SUSE bug 1165870 SUSE bug 1167463 SUSE bug 1171997 CVE-2020-12801 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for glusterfs fixes the following issues: glusterfs was update to release 3.12.15: * Fixed a number of bugs and security issues: - CVE-2018-1088, CVE-2018-1112 [boo#1090084], CVE-2018-10904 [boo#1107018], CVE-2018-10907 [boo#1107019], CVE-2018-10911 [boo#1107020], CVE-2018-10913 [boo#1107021], CVE-2018-10914 [boo#1107022], CVE-2018-10923 [boo#1107023], CVE-2018-10924 [boo#1107024], CVE-2018-10926 [boo#1107025], CVE-2018-10927 [boo#1107026], CVE-2018-10928 [boo#1107027], CVE-2018-10928 [boo#1107027], CVE-2018-10929 [boo#1107028], CVE-2018-10930 [boo#1107029], boo#1105776 . Moderate SUSE bug 1090084 SUSE bug 1105776 SUSE bug 1107018 SUSE bug 1107019 SUSE bug 1107020 SUSE bug 1107021 SUSE bug 1107022 SUSE bug 1107023 SUSE bug 1107024 SUSE bug 1107025 SUSE bug 1107026 SUSE bug 1107027 SUSE bug 1107028 SUSE bug 1107029 CVE-2018-1088 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10924 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 CVE-2018-1112 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172461 SUSE bug 1172506 CVE-2020-13777 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172225 CVE-2019-20807 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 68.9.0 (bsc#1172402) - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety issues - CVE-2020-12398: Fixed a potential information leak due to security downgrade with IMAP STARTTLS - Use a symbolic icon from branding internals This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172402 CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2018-18508 CVE-2019-11745 CVE-2019-17006 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160398 SUSE bug 1169511 SUSE bug 1171352 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). - CVE-2019-19462: relay_open in kernel/relay.c allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20806: Fixed a null pointer dereference in tw5864_handle_frame() which may had lead to denial of service (bsc#1172199). - CVE-2019-20812: The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-11608: An issue was discovered in drivers/media/usb/gspca/ov519.c that allowed NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d (bnc#1168829). - CVE-2020-11609: An issue was discovered in the stv06xx subsystem in drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93 (bnc#1168854). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - cifs: Allocate encryption header through kmalloc (bsc#1144333). - cifs: allow unlock flock and OFD lock across fork (bsc#1144333). - cifs: check new file size when extending file by fallocate (bsc#1144333). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - cifs: do not share tcons with DFS (bsc#1144333). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1144333). - cifs: ensure correct super block for DFS reconnect (bsc#1144333). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1144333). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - cifs: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - cifs: smbd: Check send queue size before posting a send (bsc#1144333). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - cifs: smbd: Merge code to track pending packets (bsc#1144333). - cifs: smbd: Properly process errors on ib_post_send (bsc#1144333). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - cifs: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: w1: add hwmon support structures (jsc#SLE-11048). - drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - Fix a backport bug, where btrfs_put_root() -> btrfs_put_fs_root() modification is not needed due to missing dependency - Following two patches needs to be combined as one commit (one adds context, later removes which affects existing patch) else commit series cannot be sequenced. - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - kABI fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for snd_rawmidi buffer_ref field addition (git-fixes). - keys: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false 'cqhci: CQE stuck on' by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci: Update the tuning failed messages to pr_debug level (git-fixes). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix 'tc qdisc del' failed issue (bsc#1109837). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - nfs: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - nfs: Fix memory leaks and corruption in readdir (git-fixes). - nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - nfs: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4-Fix-OPEN-CLOSE-race.patch - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pnfs: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - Redo patch for SLE15-SP1, based on feedback from IBM: patches.suse/s390-ftrace-fix-potential-crashes-when-switching-tracers (bsc#1171244 LTC#185785 git-fixes). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (bsc#1103992). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi-ibmvfc-Don-t-send-implicit-logouts-prior-to-NPI.patch - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi-ibmvscsi-Fix-WARN_ON-during-event-pool-release.patch - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi-qla2xxx-check-UNLOADING-before-posting-async-wo.patch - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi-qla2xxx-set-UNLOADING-before-waiting-for-sessio.patch - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3-fix-performance-regression-with-setting-mtime.patch - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - sunrpc: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - supported.conf: support w1 core and thermometer support - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - Update config files: re-enable CONFIG_HAMRADIO and co (bsc#1170740) - Update patches.suse/powerpc-pseries-ddw-Extend-upper-limit-for-huge-DMA-.patch (bsc#1142685 bsc#1167867 ltc#179509 ltc#184616). - Update patches.suse/x86-mm-split-vmalloc_sync_all.patch (bsc#1165741, bsc#1166969). - Update references: patches.suse/s390-pci-do-not-set-affinity-for-floating-irqs (bsc#1171817 LTC#185819 git-fixes). - usb: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - usb: cdc-acm: restore capability check order (git-fixes). - usb: core: Fix misleading driver bug report (bsc#1051510). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - usb: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - usb: gadget: composite: Inform controller driver of self-powered (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usb: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - usb: serial: garmin_gps: add sanity checking for data length (git-fixes). - usb: serial: option: add BroadMobi BM806U (git-fixes). - usb: serial: option: add support for ASKEY WWHC050 (git-fixes). - usb: serial: option: add Wistron Neweb D19Q1 (git-fixes). - usb: serial: qcserial: Add DW5816e support (git-fixes). - usb: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - usb: uas: add quirk for LaCie 2Big Quadra (git-fixes). - usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86: hyperv: report value of misc_features (git fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1089895 SUSE bug 1090036 SUSE bug 1103990 SUSE bug 1103991 SUSE bug 1103992 SUSE bug 1104745 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112374 SUSE bug 1113956 SUSE bug 1114279 SUSE bug 1124278 SUSE bug 1127354 SUSE bug 1127355 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1142685 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1164780 SUSE bug 1164871 SUSE bug 1165183 SUSE bug 1165478 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1166978 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1167867 SUSE bug 1168332 SUSE bug 1168670 SUSE bug 1168789 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1169762 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170284 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170617 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170621 SUSE bug 1170740 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171214 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171244 SUSE bug 1171252 SUSE bug 1171254 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171662 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171692 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171817 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171979 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172017 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172201 SUSE bug 1172202 SUSE bug 1172221 SUSE bug 1172249 SUSE bug 1172251 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172378 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-11608 CVE-2020-11609 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-13143 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1166916 SUSE bug 1172442 SUSE bug 1172443 CVE-2020-11080 CVE-2020-7598 CVE-2020-8174 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1143436 CVE-2019-3881 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for texlive-filesystem fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1158910 SUSE bug 1159740 CVE-2020-8016 CVE-2020-8017 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libupnp fixes the following issues: - CVE-2020-13848: A NULL ptr denial of service via crafted SSDP message was fixed (boo#1172625) Moderate SUSE bug 1172625 CVE-2020-13848 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libntlm fixes the following issues: Update to release 1.6: * CVE-2019-17455: Fixed a buffer overflow in buildSmbNtlmAuth* function. (boo#1153669) Moderate SUSE bug 1153669 CVE-2019-17455 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for prboom-plus fixes the following issues: - CVE-2019-20797: Fixed a buffer overflow in client and server code responsible for handling received UDP packets (boo#1171974) Moderate SUSE bug 1171974 CVE-2019-20797 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for varnish fixes the following issues: - CVE-2019-20637: Fixed an information leak when handling one client request and the next on the same connection (boo#1169040) - CVE-2020-11653: Fixed a performance loss due to an assertion failure and daemon restart when communicating with TLS termination proxy that uses PROXY version 2 (boo#1169039) Moderate SUSE bug 1169039 SUSE bug 1169040 CVE-2019-20637 CVE-2020-11653 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen to version 4.12.3 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205). - Added support for new 64bit libxl memory API (bsc#1167007 and bsc#1157490). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1027519 SUSE bug 1157490 SUSE bug 1167007 SUSE bug 1172205 CVE-2020-0543 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 83.0.4103.97 (boo#1171910,bsc#1172496): * CVE-2020-6463: Use after free in ANGLE (boo#1170107 boo#1171975). * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21 * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26 * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06 * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30 * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02 * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30 * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08 * CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25 * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06 * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07 * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31 * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18 * CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26 * CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24 * CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14 * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21 * CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07 * CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17 * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23 * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26 * CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30 * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24 * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06 * CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21 * CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10 * CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19 * CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07 * CVE-2020-6493: Use after free in WebAuthentication. * CVE-2020-6494: Incorrect security UI in payments. * CVE-2020-6495: Insufficient policy enforcement in developer tools. * CVE-2020-6496: Use after free in payments. Important SUSE bug 1170107 SUSE bug 1171910 SUSE bug 1171975 SUSE bug 1172496 CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6477 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for file-roller fixes the following issues: - CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428). - CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a file during extraction (bsc#1151585). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1151585 SUSE bug 1169428 CVE-2019-16680 CVE-2020-11736 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496). - CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499). - CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497). - CVE-2020-11866: Fixed a use after free (bsc#1171498). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171496 SUSE bug 1171497 SUSE bug 1171498 SUSE bug 1171499 CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rmt-server to version 2.5.7 fixes the following issues: - Fixed a local denial of service (bsc#1165548). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1165548 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to version 83.0.4103.106 (boo#1173029): * CVE-2020-6505: Use after free in speech * CVE-2020-6506: Insufficient policy enforcement in WebView * CVE-2020-6507: Out of bounds write in V8 - Enforce to not use system borders bsc#1173063 Important SUSE bug 1173029 SUSE bug 1173063 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Docker was updated to 19.03.11-ce runc was updated to version 1.0.0-rc10 containerd was updated to version 1.2.13 - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW capability, could have crafted IPv6 router advertisements, and spoof external IPv6 hosts, resulting in obtaining sensitive information or causing denial of service (bsc#1172377). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172377 CVE-2020-13401 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1171999 CVE-2019-11048 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for fwupd fixes the following issues: - CVE-2020-10759: Fixed a potential PGP signature bypass, which could have led to installation of unsigned firmware (bsc#1172643) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172643 CVE-2020-10759 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slurm to version 18.08.9 fixes the following issues: Security issues fixed: - CVE-2019-19728: Fixed a privilege escalation with srun, where --uid might have unintended side effects (bsc#1159692). - CVE-2019-12838: Fixed SchedMD Slurm SQL Injection issue (bnc#1140709). - CVE-2019-19727: Fixed permissions of slurmdbd.conf (bsc#1155784). Bug fixes: - Fix ownership of /var/spool/slurm on new installations and upgrade (bsc#1158696). - Fix %posttrans macro _res_update to cope with added newline (bsc#1153259). - Move srun from 'slurm' to 'slurm-node': srun is required on the nodes as well so sbatch will work. 'slurm-node' is a requirement when 'slurm' is installed (bsc#1153095). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1140709 SUSE bug 1153095 SUSE bug 1153259 SUSE bug 1155784 SUSE bug 1158696 SUSE bug 1159692 CVE-2019-12838 CVE-2019-19727 CVE-2019-19728 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 SUSE bug 1172348 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xmlgraphics-batik fixes the following issues: - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests (bsc#1172961). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1172961 CVE-2019-17566 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675). Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error messages. - osc add: support git@ (private github) or git:// URLs correctly. - Split dependson and whatdependson commands. - Added support for osc build --shell-cmd. - Added pkg-ccache support for osc build. - Added --ccache option to osc getbinaries This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1122675 CVE-2019-3681 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1159819 SUSE bug 1169746 SUSE bug 1171978 CVE-2019-17006 CVE-2020-12399 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1027282 SUSE bug 1029377 SUSE bug 1029902 SUSE bug 1040164 SUSE bug 1042670 SUSE bug 1070853 SUSE bug 1079761 SUSE bug 1081750 SUSE bug 1083507 SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1088573 SUSE bug 1094814 SUSE bug 1107030 SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1120644 SUSE bug 1122191 SUSE bug 1129346 SUSE bug 1130840 SUSE bug 1133452 SUSE bug 1137942 SUSE bug 1138459 SUSE bug 1141853 SUSE bug 1149121 SUSE bug 1149792 SUSE bug 1149955 SUSE bug 1151490 SUSE bug 1153238 SUSE bug 1159035 SUSE bug 1159622 SUSE bug 637176 SUSE bug 658604 SUSE bug 673071 SUSE bug 709442 SUSE bug 743787 SUSE bug 747125 SUSE bug 751718 SUSE bug 754447 SUSE bug 754677 SUSE bug 787526 SUSE bug 809831 SUSE bug 831629 SUSE bug 834601 SUSE bug 871152 SUSE bug 885662 SUSE bug 885882 SUSE bug 917607 SUSE bug 942751 SUSE bug 951166 SUSE bug 983582 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 SUSE bug 989523 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for uftpd fixes the following issues: uftpd was updated to version 2.12. Changes: * Use common log message format and log level when user enters an invalid path. This unfortunately affects changes introduced in v2.11 to increase logging at default log level. Security fixes: - CVE-2020-14149: When entering an invalid directory with the FTP command CWD, a NULL ptr was deref. in a DBG() message even though the log level is set to a value lower than LOG_DEBUG. This caused uftpd to crash and cause denial of service. Depending on the init/inetd system used this could be permanent. (boo#1172959) Moderate SUSE bug 1172959 CVE-2020-14149 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). This update was imported from the SUSE:SLE-15:Update update project. Low SUSE bug 1133035 CVE-2019-3902 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160250 SUSE bug 1160251 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mariadb to version 10.2.32 fixes the following issues: mariadb was updated to version 10.2.32 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server. Release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10232-release-notes - https://mariadb.com/kb/en/library/mariadb-10232-changelog This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1171550 CVE-2020-13249 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to 83.0.4103.116 boo#1173251: * CVE-2020-6509: Use after free in extensions - Add patch to work with new ffmpeg (bsc#1173292) - Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue boo#1173107 - Disable wayland integration on openSUSE Leap 15.x (boo#1173187 boo#1173188 boo#1173254) Important SUSE bug 1173107 SUSE bug 1173187 SUSE bug 1173188 SUSE bug 1173251 SUSE bug 1173254 SUSE bug 1173292 CVE-2020-6509 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for fontforge fixes the following issues: - CVE-2020-5395: Fixed a use-after-free in SFD_GetFontMetaData() (bsc#1160220). - CVE-2020-5496: Fixed a heap-based buffer overflow in Type2NotDefSplines() (bsc#1160236). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1160220 SUSE bug 1160236 CVE-2020-5395 CVE-2020-5496 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1171921 CVE-2020-10753 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for squid fixes the following issues: squid was updated to version 4.12 Security issue fixed: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). Other issues addressed: - Reverted to slow search for new SMP shm pages due to a regression - Fixed an issue where negative responses were never cached - Fixed stall if transaction was overwriting a recently active cache entry This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173304 CVE-2020-14059 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for unbound fixes the following issues: - CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889). - CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889). - CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a special crafted answer (bsc#1157268). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1157268 SUSE bug 1171889 CVE-2019-18934 CVE-2020-12662 CVE-2020-12663 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 Virtualbox was updated to 6.0.22 (released May 15 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: Guest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391) Guest Control/VBoxManage: fix handling of multiple environment variables supplied to 'VBoxManage guestcontrol VM run' (6.1.6/6.0.20 regression; bug #19518) Version bump to 6.0.20 (released April 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: - USB: Multiple enhancements improving prformance and stability - VBoxManage: Multiple fixes for guestcontrol command - Graphics: Enhancements in 2D and 3D acceleration and rendering - API: Fix for exception handling bug in Python bindings - Linux host and guest: Support Linux kernel 5.6 (bug #19312) This update fixes the following security issues: CVE-2020-2741, CVE-2020-2742, CVE-2020-2743, CVE-2020-2748, CVE-2020-2758, CVE-2020-2894, CVE-2020-2902, CVE-2020-2905, CVE-2020-2907, CVE-2020-2908, CVE-2020-2909, CVE-2020-2910, CVE-2020-2911, CVE-2020-2913, CVE-2020-2914, CVE-2020-2929, CVE-2020-2951, CVE-2020-2958, CVE-2020-2959 (bsc#1169628) Moderate SUSE bug 1169628 CVE-2020-2741 CVE-2020-2742 CVE-2020-2743 CVE-2020-2748 CVE-2020-2758 CVE-2020-2894 CVE-2020-2902 CVE-2020-2905 CVE-2020-2907 CVE-2020-2908 CVE-2020-2909 CVE-2020-2910 CVE-2020-2911 CVE-2020-2913 CVE-2020-2914 CVE-2020-2929 CVE-2020-2951 CVE-2020-2958 CVE-2020-2959 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chocolate-doom to version 3.0.1 fixes the following issues: - CVE-2020-14983: Fixed a stack-based buffer overflow in the networking code (boo#1173595). Important SUSE bug 1173595 CVE-2020-14983 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Update to version 79.0.3945.130 (boo#1161252): - CVE-2020-6378, CVE-2020-6379: Fixed a use-after-free in speech recognizer - CVE-2020-6380: Fixed an extension message verification error - Various fixes from audits, fuzzing and other initiatives Important SUSE bug 1161252 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example; `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement `TryFrom<Arc<[T]>>`,`TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut<str>`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSet`. - `string::FromUtf8Error` now implements `Clone + Eq`. + Stabilized APIs - `Once::is_completed` - `f32::LOG10_2` - `f32::LOG2_10` - `f64::LOG10_2` - `f64::LOG2_10` - `iter::once_with` + Cargo - You can now set config `[profile]`s in your `.cargo/config`, or through your environment. - Cargo will now set `CARGO_BIN_EXE_<name>` pointing to a binary's executable path when running integration tests or benchmarks. `<name>` is the name of your binary as-is e.g. If you wanted the executable path for a binary named `my-program`you would use `env!('CARGO_BIN_EXE_my-program')`. + Misc - Certain checks in the `const_err` lint were deemed unrelated to const evaluation, and have been moved to the `unconditional_panic` and `arithmetic_overflow` lints. + Compatibility Notes - Having trailing syntax in the `assert!` macro is now a hard error. This has been a warning since 1.36.0. - Fixed `Self` not having the correctly inferred type. This incorrectly led to some instances being accepted, and now correctly emits a hard error. Update to version 1.42.0: + Language - You can now use the slice pattern syntax with subslices. - You can now use #[repr(transparent)] on univariant enums. Meaning that you can create an enum that has the exact layout and ABI of the type it contains. - There are some syntax-only changes: * default is syntactically allowed before items in trait definitions. * Items in impls (i.e. consts, types, and fns) may syntactically leave out their bodies in favor of ;. * Bounds on associated types in impls are now syntactically allowed (e.g. type Foo: Ord;). * ... (the C-variadic type) may occur syntactically directly as the type of any function parameter. These are still rejected semantically, so you will likely receive an error but these changes can be seen and parsed by procedural macros and conditional compilation. + Compiler - Added tier 2 support for armv7a-none-eabi. - Added tier 2 support for riscv64gc-unknown-linux-gnu. - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap, unwrap_err} now produce panic messages pointing to the location where they were called, rather than core's internals. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - iter::Empty<T> now implements Send and Sync for any T. - Pin::{map_unchecked, map_unchecked_mut} no longer require the return type to implement Sized. - io::Cursor now derives PartialEq and Eq. - Layout::new is now const. - Added Standard Library support for riscv64gc-unknown-linux-gnu. + Stabilized APIs - CondVar::wait_while - CondVar::wait_timeout_while - DebugMap::key - DebugMap::value - ManuallyDrop::take - matches! - ptr::slice_from_raw_parts_mut - ptr::slice_from_raw_parts + Cargo - You no longer need to include extern crate proc_macro; to be able to use proc_macro; in the 2018 edition. + Compatibility Notes - Error::description has been deprecated, and its use will now produce a warning. It's recommended to use Display/to_string instead. Update to version 1.41.1: - Always check types of static items - Always check lifetime bounds of `Copy` impls - Fix miscompilation in callers of `Layout::repeat` Update to version 1.41.0: + Language - You can now pass type parameters to foreign items when implementing traits. E.g. You can now write `impl<T> From<Foo> for Vec<T> {}`. - You can now arbitrarily nest receiver types in the `self` position. E.g. you can now write `fn foo(self: Box<Box<Self>>) {}`. Previously only `Self`, `&Self`, `&mut Self`, `Arc<Self>`, `Rc<Self>`, and `Box<Self>` were allowed. - You can now use any valid identifier in a `format_args` macro. Previously identifiers starting with an underscore were not allowed. - Visibility modifiers (e.g. `pub`) are now syntactically allowed on trait items and enum variants. These are still rejected semantically, but can be seen and parsed by procedural macros and conditional compilation. + Compiler - Rustc will now warn if you have unused loop `'label`s. - Removed support for the `i686-unknown-dragonfly` target. - Added tier 3 support\* for the `riscv64gc-unknown-linux-gnu` target. - You can now pass an arguments file passing the `@path` syntax to rustc. Note that the format differs somewhat from what is found in other tooling; please see the documentation for more information. - You can now provide `--extern` flag without a path, indicating that it is available from the search path or specified with an `-L` flag. Refer to Rust's [platform support page][forge-platform-support] for more information on Rust's tiered platform support. + Libraries - The `core::panic` module is now stable. It was already stable through `std`. - `NonZero*` numerics now implement `From<NonZero*>` if it's a smaller integer width. E.g. `NonZeroU16` now implements `From<NonZeroU8>`. - `MaybeUninit<T>` now implements `fmt::Debug`. + Stabilized APIs - `Result::map_or` - `Result::map_or_else` - `std::rc::Weak::weak_count` - `std::rc::Weak::strong_count` - `std::sync::Weak::weak_count` - `std::sync::Weak::strong_count` + Cargo - Cargo will now document all the private items for binary crates by default. - `cargo-install` will now reinstall the package if it detects that it is out of date. - Cargo.lock now uses a more git friendly format that should help to reduce merge conflicts. - You can now override specific dependencies's build settings. E.g. `[profile.dev.package.image] opt-level = 2` sets the `image` crate's optimisation level to `2` for debug builds. You can also use `[profile.<profile>.build-override]` to override build scripts and their dependencies. + Misc - You can now specify `edition` in documentation code blocks to compile the block for that edition. E.g. `edition2018` tells rustdoc that the code sample should be compiled the 2018 edition of Rust. - You can now provide custom themes to rustdoc with `--theme`, and check the current theme with `--check-theme`. - You can use `#[cfg(doc)]` to compile an item when building documentation. + Compatibility Notes - As previously announced 1.41.0 will be the last tier 1 release for 32-bit Apple targets. This means that the source code is still available to build, but the targets are no longer being tested and release binaries for those platforms will no longer be distributed by the Rust project. Please refer to the linked blog post for more information. - Bump version of libssh2 for SLE15; we now need a version with libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0. Update to version 1.40.0 + Language - You can now use tuple `struct`s and tuple `enum` variant's constructors in `const` contexts. e.g. pub struct Point(i32, i32); const ORIGIN: Point = { let constructor = Point; constructor(0, 0) }; - You can now mark `struct`s, `enum`s, and `enum` variants with the `#[non_exhaustive]` attribute to indicate that there may be variants or fields added in the future. For example this requires adding a wild-card branch (`_ => {}`) to any match statements on a non-exhaustive `enum`. - You can now use function-like procedural macros in `extern` blocks and in type positions. e.g. `type Generated = macro!();` - Function-like and attribute procedural macros can now emit `macro_rules!` items, so you can now have your macros generate macros. - The `meta` pattern matcher in `macro_rules!` now correctly matches the modern attribute syntax. For example `(#[$m:meta])` now matches `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`. + Compiler - Added tier 3 support\* for the `thumbv7neon-unknown-linux-musleabihf` target. - Added tier 3 support for the `aarch64-unknown-none-softfloat` target. - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and `mips64el-unknown-linux-muslabi64` targets. + Libraries - The `is_power_of_two` method on unsigned numeric types is now a `const` function. + Stabilized APIs - BTreeMap::get_key_value - HashMap::get_key_value - Option::as_deref_mut - Option::as_deref - Option::flatten - UdpSocket::peer_addr - f32::to_be_bytes - f32::to_le_bytes - f32::to_ne_bytes - f64::to_be_bytes - f64::to_le_bytes - f64::to_ne_bytes - f32::from_be_bytes - f32::from_le_bytes - f32::from_ne_bytes - f64::from_be_bytes - f64::from_le_bytes - f64::from_ne_bytes - mem::take - slice::repeat - todo! + Cargo - Cargo will now always display warnings, rather than only on fresh builds. - Feature flags (except `--all-features`) passed to a virtual workspace will now produce an error. Previously these flags were ignored. - You can now publish `dev-dependencies` without including a `version`. + Misc - You can now specify the `#[cfg(doctest)]` attribute to include an item only when running documentation tests with `rustdoc`. + Compatibility Notes - As previously announced, any previous NLL warnings in the 2015 edition are now hard errors. - The `include!` macro will now warn if it failed to include the entire file. The `include!` macro unintentionally only includes the first _expression_ in a file, and this can be unintuitive. This will become either a hard error in a future release, or the behavior may be fixed to include all expressions as expected. - Using `#[inline]` on function prototypes and consts now emits a warning under `unused_attribute` lint. Using `#[inline]` anywhere else inside traits or `extern` blocks now correctly emits a hard error. Update to version 1.39.0 + Language - You can now create async functions and blocks with async fn, async move {}, and async {} respectively, and you can now call .await on async expressions. - You can now use certain attributes on function, closure, and function pointer parameters. - You can now take shared references to bind-by-move patterns in the if guards of match arms. + Compiler - Added tier 3 support for the i686-unknown-uefi target. - Added tier 3 support for the sparc64-unknown-openbsd target. - rustc will now trim code snippets in diagnostics to fit in your terminal. - You can now pass --show-output argument to test binaries to print the output of successful tests. + For more details: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019-11-07 - Switch to bundled version of libgit2 for now. libgit2-sys seems to expect using the bundled variant, which just seems to point to a snapshot of the master branch and doesn't match any released libgit2 (bsc#1154817). See: https://github.com/rust-lang/rust/issues/63476 and https://github.com/rust-lang/git2-rs/issues/458 for details. Update to version 1.38.0 + Language - The `#[global_allocator]` attribute can now be used in submodules. - The `#[deprecated]` attribute can now be used on macros. + Compiler - Added pipelined compilation support to `rustc`. This will improve compilation times in some cases. + Libraries - `ascii::EscapeDefault` now implements `Clone` and `Display`. - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are now available at the same path as the trait. (e.g. The `Clone` derive macro is available at `std::clone::Clone`). This also makes all built-in macros available in `std`/`core` root. e.g. `std::include_bytes!`. - `str::Chars` now implements `Debug`. - `slice::{concat, connect, join}` now accepts `&[T]` in addition to `&T`. - `*const T` and `*mut T` now implement `marker::Unpin`. - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator<T>`. - Added euclidean remainder and division operations (`div_euclid`, `rem_euclid`) to all numeric primitives. Additionally `checked`, `overflowing`, and `wrapping` versions are available for all integer primitives. - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`, and `PartialEq`. - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`. + Stabilized APIs - `<*const T>::cast` - `<*mut T>::cast` - `Duration::as_secs_f32` - `Duration::as_secs_f64` - `Duration::div_f32` - `Duration::div_f64` - `Duration::from_secs_f32` - `Duration::from_secs_f64` - `Duration::mul_f32` - `Duration::mul_f64` - `any::type_name` + Cargo - Added pipelined compilation support to `cargo`. - You can now pass the `--features` option multiple times to enable multiple features. + Misc - `rustc` will now warn about some incorrect uses of `mem::{uninitialized, zeroed}` that are known to cause undefined behaviour. Update to version 1.37.0 + Language - #[must_use] will now warn if the type is contained in a tuple, Box, or an array and unused. - You can now use the `cfg` and `cfg_attr` attributes on generic parameters. - You can now use enum variants through type alias. e.g. You can write the following: ``` type MyOption = Option<u8>; fn increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y) => y + 1, MyOption::None => 0, } } ``` - You can now use `_` as an identifier for consts. e.g. You can write `const _: u32 = 5;`. - You can now use `#[repr(align(X)]` on enums. - The `?` Kleene macro operator is now available in the 2015 edition. + Compiler - You can now enable Profile-Guided Optimization with the `-C profile-generate` and `-C profile-use` flags. For more information on how to use profile guided optimization, please refer to the rustc book. - The `rust-lldb` wrapper script should now work again. + Libraries - `mem::MaybeUninit<T>` is now ABI-compatible with `T`. + Stabilized APIs - BufReader::buffer - BufWriter::buffer - Cell::from_mut - Cell<[T]>::as_slice_of_cells - Cell<slice>::as_slice_of_cells - DoubleEndedIterator::nth_back - Option::xor - Wrapping::reverse_bits - i128::reverse_bits - i16::reverse_bits - i32::reverse_bits - i64::reverse_bits - i8::reverse_bits - isize::reverse_bits - slice::copy_within - u128::reverse_bits - u16::reverse_bits - u32::reverse_bits - u64::reverse_bits - u8::reverse_bits - usize::reverse_bits + Cargo - Cargo.lock files are now included by default when publishing executable crates with executables. - You can now specify `default-run='foo'` in `[package]` to specify the default executable to use for `cargo run`. - cargo-vendor is now provided as a sub-command of cargo + Compatibility Notes - Using `...` for inclusive range patterns will now warn by default. Please transition your code to using the `..=` syntax for inclusive ranges instead. - Using a trait object without the `dyn` will now warn by default. Please transition your code to use `dyn Trait` for trait objects instead. Crab(String), Lobster(String), Person(String), let state = Creature::Crab('Ferris'); if let Creature::Crab(name) | Creature::Person(name) = state { println!('This creature's name is: {}', name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self { Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0, 0) => true, _ => false, } } Self: PartialOrd<Self> // can write `Self` instead of `List<T>` Nil, Cons(T, Box<Self>) // likewise here fn test(&self) { println!('one'); } //~ ERROR duplicate definitions with name `test` fn test(&self) { println!('two'); } * Basic procedural macros allowing custom `#[derive]`, aka 'macros 1.1', are stable. This allows popular code-generating crates like Serde and Diesel to work ergonomically. [RFC 1681]. * [Tuple structs may be empty. Unary and empty tuple structs may be instantiated with curly braces][36868]. Part of [RFC 1506]. * [A number of minor changes to name resolution have been activated][37127]. They add up to more consistent semantics, allowing for future evolution of Rust macros. Specified in [RFC 1560], see its section on ['changes'] for details of what is different. The breaking changes here have been transitioned through the [`legacy_imports`] lint since 1.14, with no known regressions. * [In `macro_rules`, `path` fragments can now be parsed as type parameter bounds][38279] * [`?Sized` can be used in `where` clauses][37791] * [There is now a limit on the size of monomorphized types and it can be modified with the `#![type_size_limit]` crate attribute, similarly to the `#![recursion_limit]` attribute][37789] * [On Windows, the compiler will apply dllimport attributes when linking to extern functions][37973]. Additional attributes and flags can control which library kind is linked and its name. [RFC 1717]. * [Rust-ABI symbols are no longer exported from cdylibs][38117] * [The `--test` flag works with procedural macro crates][38107] * [Fix `extern 'aapcs' fn` ABI][37814] * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing. * [The `format!` expander recognizes incorrect `printf` and shell-style formatting directives and suggests the correct format][37613]. * [Only report one error for all unused imports in an import list][37456] * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705] * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979] * [Don't clone in `UnificationTable::probe`][37848] * [Remove `scope_auxiliary` to cut RSS by 10%][37764] * [Use small vectors in type walker][37760] * [Macro expansion performance was improved][37701] * [Change `HirVec<P<T>>` to `HirVec<T>` in `hir::Expr`][37642] * [Replace FNV with a faster hash function][37229] https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md rust-cbindgen is shipped in version 0.14.1. This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1115645 SUSE bug 1154817 SUSE bug 1173202 CVE-2020-1967 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). - Removed an OpenSSL version warning (bsc#992038 and bsc#1125401). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1125401 SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 SUSE bug 992038 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.4.1 fixes the following issues: Security issues fixed: - CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement - CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting - CVE-2019-17017: Type Confusion in XPCVariant.cpp - CVE-2019-17022: CSS sanitization does not escape HTML tags - CVE-2019-17024: multiple Memory safety bugs fixed Non-security issues fixed: - Various improvements when setting up an account for a Microsoft Exchange server. For example better detection for Office 365 accounts. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: - Update to version 69.0.3686.49 - CHR-7971 Update chromium on desktop-stable-83-3686 to 83.0.4103.116 (CVE-2020-6509) - DNA-79195 Wrong date on history - DNA-86090 Crash at views::View::ReorderChildView(views::View*, int) - DNA-86122 [Mac] Some popovers have incorrectly themed arrow - DNA-86833 Add hint to tell users that tab content is now searched - DNA-86906 [Search in tabs] No matching results in your open tabs label not displayed for some strings not found. - DNA-86983 Allow to search from the tile - DNA-87029 Search in tabs dropdown should disappear when resizing window - DNA-87051 No autocompletion in the address bar for Speed Dials - DNA-87091 Do not vertically center search-in-tabs dialog - DNA-87113 Crash at content::NavigationRequest::GetRenderFrameHost() - DNA-87114 Double scrollbar in bookmarks popup - DNA-87117 Hide “Provide additional details” button when crash is discarded by Socorro - DNA-87122 Hide provide more information button from infobar when crash is discarded - DNA-87153 The icons cover the inscription on the BABE picture title - DNA-87203 The scroll view changes visible area unexpectedly - DNA-87243 Provide missing translations - DNA-87245 Extend schema and report search events - DNA-87261 Allow to use search and modal at the same time - DNA-87273 Switch to dedicated subdomain - Complete Opera 69.0 changelog at: https://blogs.opera.com/desktop/changelog-for-69/ Important SUSE bug 1173251 CVE-2020-6509 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1084631 SUSE bug 1086186 SUSE bug 1086227 SUSE bug 1086228 SUSE bug 1090519 SUSE bug 1090840 SUSE bug 1106878 SUSE bug 1107592 SUSE bug 1107594 SUSE bug 1108404 SUSE bug 1115758 SUSE bug 1115774 SUSE bug 1115795 SUSE bug 1173538 CVE-2018-1000667 CVE-2018-10016 CVE-2018-10254 CVE-2018-10316 CVE-2018-16382 CVE-2018-16517 CVE-2018-16999 CVE-2018-19214 CVE-2018-19215 CVE-2018-19216 CVE-2018-8881 CVE-2018-8882 CVE-2018-8883 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1168669 SUSE bug 1173032 CVE-2020-12402 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1171883 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hylafax+ fixes the following issues: Security issue fixed: - CVE-2020-8024 boo#1172731 hylafax+ was updated to version 7.0.2: * change FIXEDWIDTH default to better accommodate auto-rotation (13 Dec 2019) * prevent SSL_accept() from blocking (5 Dec 2019) * support libtiff v4.1 (5 Dec 2019) * fix ignoremodembusy feature broken by ModemGroup limits feature (16 Nov 2019) Version 7.0.1: * create a client timeout setting and change the default from 60 to 3600 seconds (26 Sep 2019) * extend timeout for receiving ECM frames (21 Aug 2019) * fix timeout in Class 1 frame reception (5 Aug 2019) * improve Class 1 protocol handling when MaxRecvPages exceeded (31 Jul 2019) * fix ModemGroup limit default (11 Jul 2019) * fix recovery for SSL Fax write failures (6 Jun 2019) Version 7.0.0: * add LDAP features for compatibility with ActiveDirectory (25 Mar-1 Apr 2019) * fix recovery after SSL Fax 'accept failure' (18 Mar 2019) * add TextFormat overstrike option and disable by default (6 Feb 2019) * fix the page size of cover sheets returned via notify (8 Jan 2019) * fix or silence numerous compiler warnings (19, 22, 28 Dec 2018) * fix pagehandling updating after a proxy has been used (7-8 Dec 2018) * add faxmail stderr output of RFC2047 decoding results (5 Dec 2018) * fix faxmail handling of headers encoded with UTF-8 (4 Dec 2018) * fix faxmail handling of base64-encoded text parts (4 Dec 2018) * add SSL Fax support (9-26, 29 Nov; 11, 18, 25 Dec 2018; 2, 7, 23 Jan 2019) Moderate SUSE bug 1172731 CVE-2020-8024 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for libredwg fixes the following issues: libredwg was updated to release 0.10: API breaking changes: * Added a new int *isnewp argument to all dynapi utf8text getters, if the returned string is freshly malloced or not. * removed the UNKNOWN supertype, there are only UNKNOWN_OBJ and UNKNOWN_ENT left, with common_entity_data. * renamed BLOCK_HEADER.preview_data to preview, preview_data_size to preview_size. * renamed SHAPE.shape_no to style_id. * renamed CLASS.wasazombie to is_zombie. Bugfixes: * Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c. * Fixed encoding of added r2000 AUXHEADER address. * Fixed EED encoding from dwgrewrite. * Add several checks against [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522], [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524], [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526], [CVE-2020-6615, boo#1160527] Moderate SUSE bug 1160520 SUSE bug 1160522 SUSE bug 1160523 SUSE bug 1160524 SUSE bug 1160525 SUSE bug 1160526 SUSE bug 1160527 CVE-2020-6609 CVE-2020-6610 CVE-2020-6611 CVE-2020-6612 CVE-2020-6613 CVE-2020-6614 CVE-2020-6615 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for LibVNCServer fixes the following issues: - CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution (bsc#1173477). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173477 CVE-2017-18922 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205). Additional upstream bug fixes (bsc#1027519) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1027519 SUSE bug 1172205 SUSE bug 1173376 SUSE bug 1173377 SUSE bug 1173378 SUSE bug 1173380 CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173576 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1173466 SUSE bug 1173467 SUSE bug 1173469 CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets (bsc#1173359). - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). - CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161). - Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307). - Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1171437 SUSE bug 1172307 SUSE bug 1173159 SUSE bug 1173160 SUSE bug 1173161 SUSE bug 1173359 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1172380 CVE-2020-10756 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1172175 SUSE bug 1172176 CVE-2020-11076 CVE-2020-11077 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed (bsc#1169978) + Do not add the created user to the adm (CVE-2020-8903), docker (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist (bsc#1173258) This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1169978 SUSE bug 1173258 CVE-2020-8903 CVE-2020-8907 CVE-2020-8933 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1171862 CVE-2020-12823 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1173580 CVE-2020-4044 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for php7 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1180706 CVE-2020-7071 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1178909 SUSE bug 1179503 CVE-2020-25709 CVE-2020-25710 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153) * fixed: Message search toolbar fixes (bmo#1681010) * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806) * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054) * fixed: Compose window: New message is no longer marked as 'changed' just from tabbing out of the recipient field without editing anything (bmo#1681389) * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759) * fixed: LDAP address book stability fix (bmo#1680914) * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468) * fixed: Chat: Could not add TLS certificate exceptions for XMPP connections (bmo#1590471) * fixed: Calendar: System timezone was not always properly detected (bmo#1678839) * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731) * fixed: Various printing bugfixes (bmo#1676166) * fixed: Visual consistency and theme improvements (bmo#1682808) MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tcmu-runner fixes the following issue: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180676 CVE-2021-3139 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-autobahn fixes the following issue: - CVE-2020-35678: Fixed a redirect header injection (boo#1180570). Moderate SUSE bug 1180570 CVE-2020-35678 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 NonFree This update for opera fixes the following issues: - Update to version 73.0.3856.344 - CHR-8265 Update chromium on desktop-stable-87-3856 to 87.0.4280.141 - DNA-90625 [Mac] Crash at opera::TabView:: GetPaintData(opera::TabState) const - DNA-90735 Crash at opera::BrowserSidebarModel::GetItemVisible (opera::BrowserSidebarItem const*) const - DNA-90780 Crash at extensions::CommandService::GetExtension ActionCommand(std::__1::basic_string const&, extensions:: ActionInfo::Type, extensions::CommandService::QueryType, extensions::Command*, bool*) - DNA-90821 Crash at opera::BrowserSidebarController:: Action(opera::BrowserSidebarItem const*, opera::BrowserSidebarItemContentView*) - The update to chromium 87.0.4280.141 fixes following issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2020-16043, CVE-2021-21114, CVE-2020-15995, CVE-2021-21115, CVE-2021-21116 - Update to version 73.0.3856.329 - DNA-89156 Crash at content::RenderViewHostImpl::OnFocus() - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when hovering the OMenu - DNA-90189 Music service portal logotypes are blurred on Win - DNA-90336 add session data schema - DNA-90399 Address bar dropdown suggestions overlap each other - DNA-90520 Crash at absl::raw_logging_internal::RawLog(absl:: LogSeverity, char const*, int, char const*, …) - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - DNA-90600 Don’t report workspace visibility, when functionality is disabled. - DNA-90665 Collect music service statistics WP2 - DNA-90773 Bad translation from english to spanish in UI - DNA-90789 Crash at opera::ThumbnailHelper::RunNextRequest() Moderate CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hawk2 fixes the following issues: hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). This update was imported from the SUSE:SLE-15:Update update project. Critical SUSE bug 1179998 CVE-2020-35458 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). - CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179221 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179276 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 SUSE bug 1179753 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack 'help' and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0 *fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1091340 SUSE bug 1091341 SUSE bug 1091342 SUSE bug 1091343 SUSE bug 1091344 SUSE bug 1180414 CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498 CVE-2020-35738 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for mutt fixes the following issue: - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1181221 CVE-2021-3181 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: Chromium was updated to 88.0.4324.96 boo#1181137 - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in WebSQL - CVE-2021-21121: Use after free in Omnibox - CVE-2021-21122: Use after free in Blink - CVE-2021-21123: Insufficient data validation in File System API - CVE-2021-21124: Potential user after free in Speech Recognizer - CVE-2021-21125: Insufficient policy enforcement in File System API - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21126: Insufficient policy enforcement in extensions - CVE-2021-21127: Insufficient policy enforcement in extensions - CVE-2021-21128: Heap buffer overflow in Blink - CVE-2021-21129: Insufficient policy enforcement in File System API - CVE-2021-21130: Insufficient policy enforcement in File System API - CVE-2021-21131: Insufficient policy enforcement in File System API - CVE-2021-21132: Inappropriate implementation in DevTools - CVE-2021-21133: Insufficient policy enforcement in Downloads - CVE-2021-21134: Incorrect security UI in Page Info - CVE-2021-21135: Inappropriate implementation in Performance API - CVE-2021-21136: Insufficient policy enforcement in WebView - CVE-2021-21137: Inappropriate implementation in DevTools - CVE-2021-21138: Use after free in DevTools - CVE-2021-21139: Inappropriate implementation in iframe sandbox - CVE-2021-21140: Uninitialized Use in USB - CVE-2021-21141: Insufficient policy enforcement in File System API Important SUSE bug 1181137 CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180684 SUSE bug 1180685 SUSE bug 1180687 SUSE bug 1181090 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885). Moderate SUSE bug 1131885 CVE-2019-10732 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for go1.14 fixes the following issues: Go was updated to version 1.14.14 (bsc#1164903). Security issues fixed: - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145). - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1164903 SUSE bug 1181145 SUSE bug 1181146 CVE-2021-3114 CVE-2021-3115 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for segv_handler fixes the following issues: - Replace by empty package with README explaining the removal for security reasons (boo#1180665). Moderate SUSE bug 1180665 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181414 CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for gimp fixes the following issues: - CVE-2017-17784: Fixed an insufficient string validation for input names (bsc#1073624). - CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625). - CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626). This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1073624 SUSE bug 1073625 SUSE bug 1073626 CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for chromium fixes the following issues: - Update to 87.0.4280.141 (boo#1180645) - CVE-2021-21106: Use after free in autofill - CVE-2021-21107: Use after free in drag and drop - CVE-2021-21108: Use after free in media - CVE-2021-21109: Use after free in payments - CVE-2021-21110: Use after free in safe browsing - CVE-2021-21111: Insufficient policy enforcement in WebUI - CVE-2021-21112: Use after free in Blink - CVE-2021-21113: Heap buffer overflow in Skia - CVE-2020-16043: Insufficient data validation in networking - CVE-2021-21114: Use after free in audio - CVE-2020-15995: Out of bounds write in V8 - CVE-2021-21115: Use after free in safe browsing - CVE-2021-21116: Heap buffer overflow in audio - Use main URLs instead of redirects in master preferences Important SUSE bug 1180645 CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit (bsc#1169614) This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1169614 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for privoxy fixes the following issues: privoxy was updated to 3.0.29: * Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001 * Fixed a memory leak in the show-status CGI handler when no action files are configured OVE-20201118-0002 * Fixed a memory leak in the show-status CGI handler when no filter files are configured OVE-20201118-0003 * Fixes a memory leak when client tags are active OVE-20201118-0004 * Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error OVE-20201118-0005 * Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. OVE-20201118-0006 * Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. OVE-20201118-0007 * Fixed memory leaks in the show-status CGI handler when memory allocations fail OVE-20201118-0008 * Add experimental https inspection support * Use JIT compilation for static filtering for speedup * Add support for Brotli decompression, add 'no-brotli-accepted' filter which prevents the use of Brotli compression * Add feature to gather exended statistics * Use IP_FREEBIND socket option to help with failover * Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended host patterns with 'PCRE-HOST-PATTERN:' * Added 'Cross-origin resource sharing' (CORS) support * Add SOCKS5 username/password support * Bump the maximum number of action and filter files to 100 each * Fixed handling of filters with 'split-large-forms 1' when using the CGI editor. * Better detect a mismatch of connection details when figuring out whether or not a connection can be reused * Don't send a 'Connection failure' message instead of the 'DNS failure' message * Let LOG_LEVEL_REQUEST log all requests * Improvements to default Action file License changed to GPLv3. - remove packaging vulnerability boo#1157449 Moderate SUSE bug 1157449 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1174920 SUSE bug 1180405 SUSE bug 1180406 CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). This update was imported from the SUSE:SLE-15-SP1:Update update project. Important SUSE bug 1179999 CVE-2020-35459 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1179998 CVE-2020-35458 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable (bnc#1179508). - CVE-2020-29569: The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback (bnc#1179509). - CVE-2020-25639: Bail out of nouveau_channel_new if channel init fails (bsc#1176846). - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372 1180676). - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559). - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960). - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031). - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086). - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029). - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027). - CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745). - CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745). - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel (bnc#1179107). - CVE-2020-11668: In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandled invalid descriptors, aka CID-a246b4d54770 (bnc#1168952). - CVE-2019-20934: An issue was discovered in the Linux kernel On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c (bnc#1179663). - CVE-2020-27786: A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation (bnc#1179601). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666). The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes). - Avoid a GCC warning about '/*' within a comment. - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit - EDAC/amd64: Fix PCI component registration (bsc#1112178). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks' (git-fixes). - Revert 'ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO' (git-fixes). - Revert 'PM / devfreq: Modify the device name as devfreq(X) for sysfs' (git-fixes). - Revert 'device property: Keep secondary firmware node secondary by type' (git-fixes). - Revert 'platform/x86: wmi: Destroy on cleanup rather than unregister' (git-fixes). - Revert 'powerpc/pseries/hotplug-cpu: Remove double free in error path' (bsc#1065729). - Revert 'serial: amba-pl011: Make sure we initialize the port.lock spinlock' (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - USB: Skip endpoints with 0 maxpacket length (git-fixes). - USB: UAS: introduce a quirk to set no_write_same (git-fixes). - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes). - USB: ldusb: use unsigned size format specifiers (git-fixes). - USB: serial: ch341: add new Product ID for CH341A (git-fixes). - USB: serial: ch341: sort device-id entries (git-fixes). - USB: serial: digi_acceleport: clean up modem-control handling (git-fixes). - USB: serial: digi_acceleport: clean up set_termios (git-fixes). - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - USB: serial: digi_acceleport: remove in_interrupt() usage. - USB: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - USB: serial: digi_acceleport: rename tty flag variable (git-fixes). - USB: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes). - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - USB: serial: keyspan_pda: fix stalled writes (git-fixes). - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - USB: serial: keyspan_pda: fix write deadlock (git-fixes). - USB: serial: keyspan_pda: fix write unthrottling (git-fixes). - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - USB: serial: kl5kusb105: fix memleak on open (git-fixes). - USB: serial: mos7720: fix parallel-port state restore (git-fixes). - USB: serial: option: add Fibocom NL668 variants (git-fixes). - USB: serial: option: add interface-number sanity check to flag handling (git-fixes). - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - USB: serial: option: fix Quectel BG96 matching (git-fixes). - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes). - USB: yurex: fix control-URB timeout handling (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes). - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes). - docs: Fix reST markup when linking to sections (git-fixes). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/gma500: fix double free of gma_connector (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes). - ext4: correctly report 'not supported' for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) - fbcon: Remove the superfluous break (bsc#1129770) - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gp8psk: initialize stats at power control logic (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)). - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: bcmgenet: reapply manual settings to the PHY (git-fixes). - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes). - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - blacklist.conf: - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes). - net: phy: micrel: make sure the factory test bit is cleared (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes). - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: Remove unneeded break statements (bsc#1164780). - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: always relink the port (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: select CONFIG_CRC32 (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - wan: ds26522: select CONFIG_BITREVERSE (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wil6210: select CONFIG_CRC32 (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178). - x86/mm: Fix leak of pmd ptlock (bsc#1112178). - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Do not move a task to the same resource group (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178). - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes). - xprtrdma: fix incorrect header size calculations (git-fixes). Important SUSE bug 1040855 SUSE bug 1044120 SUSE bug 1044767 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1109695 SUSE bug 1112178 SUSE bug 1115431 SUSE bug 1129770 SUSE bug 1138374 SUSE bug 1139944 SUSE bug 1144912 SUSE bug 1152457 SUSE bug 1163727 SUSE bug 1164780 SUSE bug 1168952 SUSE bug 1171078 SUSE bug 1172145 SUSE bug 1172538 SUSE bug 1172694 SUSE bug 1174784 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176846 SUSE bug 1176956 SUSE bug 1177666 SUSE bug 1178049 SUSE bug 1178270 SUSE bug 1178372 SUSE bug 1178401 SUSE bug 1178590 SUSE bug 1178634 SUSE bug 1178762 SUSE bug 1178900 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179107 SUSE bug 1179142 SUSE bug 1179204 SUSE bug 1179444 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179520 SUSE bug 1179575 SUSE bug 1179578 SUSE bug 1179601 SUSE bug 1179663 SUSE bug 1179670 SUSE bug 1179671 SUSE bug 1179672 SUSE bug 1179673 SUSE bug 1179711 SUSE bug 1179713 SUSE bug 1179714 SUSE bug 1179715 SUSE bug 1179716 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1179724 SUSE bug 1179745 SUSE bug 1179810 SUSE bug 1179888 SUSE bug 1179895 SUSE bug 1179896 SUSE bug 1179960 SUSE bug 1179963 SUSE bug 1180027 SUSE bug 1180029 SUSE bug 1180031 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180117 SUSE bug 1180258 SUSE bug 1180506 SUSE bug 1180559 SUSE bug 1180676 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-25639 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for vlc fixes the following issues: Update to 3.0.11.1: - CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727) - CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755) Important SUSE bug 1133290 SUSE bug 1172727 SUSE bug 1180755 CVE-2020-13428 CVE-2020-26664 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for python-jupyter_notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458). Moderate SUSE bug 1180458 CVE-2020-26215 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for ceph fixes the following issues: Security issues fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1179802 bsc#1180155). Non-security issues fixed: - Fixes an issue when check in legacy collection reaches end. (bsc#1179139) - Fixes an issue when storage service stops. (bsc#1178837) - Fix for failing test run due to missing module 'six'. (bsc#1179452) - Provide a different name for the fallback allocator in bluestore. (bsc#1180118) This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1178837 SUSE bug 1179139 SUSE bug 1179452 SUSE bug 1179802 SUSE bug 1180118 SUSE bug 1180155 CVE-2020-27781 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). This update was imported from the SUSE:SLE-15-SP1:Update update project. Moderate SUSE bug 1179602 CVE-2020-17527 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - New upstream LTS version 10.23.0: * deps: upgrade npm to 6.14.8 * n-api: + create N-API version 7 + expose napi_build_version variable This update was imported from the SUSE:SLE-15:Update update project. Moderate SUSE bug 1179491 SUSE bug 1180553 SUSE bug 1180554 CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 cpe:/o:opensuse:leap:15.1 openSUSE Leap 15.1 This update for viewvc fixes the following issues: - update to 1.1.28 (boo#1167974, CVE-2020-5283): * security fix: escape subdir lastmod file name (#211) * fix standalone.py first request failure (#195) * suppress stack traces (with option to show) (#140) * distinguish text/binary/image files by icons (#166, #175) * colorize alternating file content lines (#167) * link to the instance root from the ViewVC logo (#168) * display directory and root counts, too (#169) * fix double fault error in standalone.py (#157) * support timezone offsets with minutes piece (#176) Moderate SUSE bug 1167974 CVE-2020-5283 cpe:/o:opensuse:leap:15.1